TechSpot

Computer started crashing after clicking a link on the net

Solved
By Pete26
Oct 19, 2012
  1. It seems my computer got infected while surfing a free movies site last week while I had Norton 360 activated on the machine. As soon as I clicked on the link the computer shut down and restarted by itself. After restarting I ran a Google search for something; when I clicked on any of the search results it took me to an entirely different advertisement page. Soon after that the machine started crashing and restarting on a perpetual basis. It will restart, go to a blue screen, I think generally called BSOD, and then shut off and restart again. I can hardly read the whole message on the blue screen but it says something like "disable BIOS memory options such as caching or shadowing". I tried to run a Norton 360 scan in normal mode but could not, then did in Safe Mode but nothing was found. I ran Malwarebytes in Safe Mode by storing it on a USB drive and then running it on the infected computer, which found Trojan.Agent; it was deleted and the computer restarted by the Malwarebytes scan, but it would repeat the infected behavior again in normal mode: show the blue screen and shut off and restart again. When Malwarebytes is run again in Safe Mode, the Trojan.Agent threat is detected again, but it would not go away even though I did a quick scan about 5-6 times and a full scan once and the threat was removed every time.
    I ran Kaspersky Malware removal and Norton Power Eraser also, but no threats were found.

    Please help!! I am not sure what to do...

    I am using Windows IE and Windows 7 Ultimate OS, 64-bit.
     
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  3. Pete26

    Pete26, Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
    Ran by SYSTEM at 19-10-2012 20:34:39
    Running from M:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKLM-x32\...\Run: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage.exe /preload [1466144 2011-05-10] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini" [385 2012-10-17] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" [144784 2008-06-10] (Sun Microsystems, Inc.)
    HKU\Pradeep\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-22] (Google Inc.)
    HKU\Pradeep\...\Run: [Google Update] "C:\Users\Pradeep\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-22] (Google Inc.)
    HKU\Pradeep\...\Run: [OpAgent] "OpAgent.exe" /agent [x]
    HKU\Pradeep\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
    HKU\Pradeep\...\Run: [AdobeBridge] [x]
    HKU\Pradeep\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3532224 2012-09-27] (Tonec Inc.)
    HKU\Pradeep\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
    HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
    Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 208.67.220.222
    ==================== Services (Whitelisted) ===================
    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    ==================== Drivers (Whitelisted) =====================
    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
    1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-11] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121013.001\IDSvia64.sys [513184 2012-10-10] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121015.017\ENG64.SYS [126112 2012-10-15] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121015.017\EX64.SYS [2084000 2012-10-15] (Symantec Corporation)
    2 npf; C:\Windows\System32\Drivers\npf.sys [35344 2011-07-28] (CACE Technologies, Inc.)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\N360x64\0604000.009\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\N360x64\0604000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-30] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
    3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
    3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-10-19 20:34 - 2012-10-19 20:34 - 00000000 ____D C:\FRST
    2012-10-18 20:05 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-10-18 20:04 - 2012-10-18 20:04 - 00272176 ____A C:\Windows\Minidump\101812-97313-01.dmp
    2012-10-18 18:47 - 2012-10-18 18:47 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-10-18 18:47 - 2012-10-18 18:47 - 00000000 ____D C:\Users\Pradeep\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-18 18:47 - 2012-10-18 18:47 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-10-18 18:47 - 2012-10-18 18:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-10-18 18:42 - 2012-10-18 18:42 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-10-18 18:41 - 2012-09-27 21:32 - 62968832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-10-17 21:03 - 2012-10-17 21:03 - 00272176 ____A C:\Windows\Minidump\101812-89076-01.dmp
    2012-10-17 20:34 - 2012-10-17 20:34 - 00272176 ____A C:\Windows\Minidump\101712-97609-01.dmp
    2012-10-17 20:05 - 2012-10-17 20:06 - 00272176 ____A C:\Windows\Minidump\101712-102648-01.dmp
    2012-10-17 19:25 - 2012-10-17 19:25 - 00272176 ____A C:\Windows\Minidump\101712-100495-01.dmp
    2012-10-17 19:06 - 2012-10-18 20:03 - 270669620 ____A C:\Windows\MEMORY.DMP
    2012-10-17 19:06 - 2012-10-17 19:06 - 00272176 ____A C:\Windows\Minidump\101712-37268-01.dmp
    2012-10-17 19:02 - 2012-10-18 19:59 - 00000392 ____A C:\Windows\setupact.log
    2012-10-17 19:02 - 2012-10-17 19:02 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-17 18:37 - 2012-10-17 18:37 - 00000000 ____D C:\Users\Pradeep\AppData\Roaming\Malwarebytes
    2012-10-17 18:36 - 2012-10-17 19:17 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-17 18:36 - 2012-10-17 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-17 18:36 - 2012-10-17 18:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-17 18:36 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-16 18:57 - 2012-10-16 19:14 - 00000000 ____D C:\Users\Pradeep\AppData\Local\NPE
    2012-10-10 19:05 - 2012-10-10 19:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-10 18:55 - 2012-10-18 20:04 - 00000000 ____D C:\Windows\Minidump
    2012-10-10 05:08 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 05:08 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 05:08 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 05:08 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 05:08 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 05:08 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 05:08 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 05:08 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 05:08 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 05:08 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 05:08 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 05:08 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 05:08 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 05:08 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 05:08 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 05:08 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 05:08 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 05:07 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 05:07 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 05:07 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 05:07 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 05:07 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 05:07 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 05:07 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 05:07 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 05:07 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 05:07 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 05:07 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 05:07 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-08 18:39 - 2012-10-08 18:39 - 00000000 ____D C:\Users\Pradeep\AppData\Local\CrashDumps
    2012-10-08 05:43 - 2012-10-08 17:06 - 00000000 ____D C:\w
    2012-10-08 05:43 - 2012-10-08 05:43 - 00000000 ____D C:\skins
    2012-10-08 05:43 - 2012-10-08 05:43 - 00000000 ____D C:\Cache
    2012-10-06 17:01 - 2012-10-06 17:01 - 00000000 ____D C:\Users\Pradeep\AppData\Roaming\Media Player Classic
    2012-10-06 14:29 - 2012-10-06 14:29 - 00023396 ____A C:\Users\Pradeep\Downloads\hindi_movie_omg_oh_my_god_watch_online.html
    2012-10-06 14:26 - 2012-10-15 16:58 - 00000000 ____D C:\Users\Pradeep\AppData\Roaming\DMCache
    2012-10-06 14:26 - 2012-10-07 09:02 - 00000000 ____D C:\Users\Pradeep\Downloads\Video
    2012-10-06 14:26 - 2012-10-06 17:47 - 00000000 ____D C:\Users\Pradeep\AppData\Roaming\IDM
    2012-10-06 14:26 - 2012-10-06 14:26 - 00000000 ____D C:\Users\Pradeep\Downloads\Compressed
    2012-10-06 14:26 - 2012-10-06 14:26 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2012-10-06 13:26 - 2012-10-06 13:26 - 00000000 ____D C:\Users\Pradeep\AppData\Local\Ilivid Player
    2012-10-06 13:25 - 2012-10-06 13:25 - 00000957 ____A C:\Users\Public\Desktop\iLivid Download Manager.lnk
    2012-10-06 13:25 - 2012-10-06 13:25 - 00000000 __HDC C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}
    2012-10-06 13:25 - 2012-10-06 13:25 - 00000000 ____D C:\Program Files (x86)\iLivid
    2012-10-06 13:24 - 2012-10-06 13:24 - 00000000 ____D C:\Users\Pradeep\AppData\Local\PackageAware
    2012-10-03 11:21 - 2012-10-03 11:21 - 00000380 ____A C:\edu.bmp
    2012-10-03 11:21 - 2012-10-03 11:21 - 00000304 ____A C:\dir.bmp
    2012-10-02 19:14 - 2012-10-02 19:14 - 00000000 ____D C:\Windows\Sun
    2012-10-01 20:21 - 2012-10-01 20:21 - 00002008 ____A C:\Users\Pradeep\Desktop\Yahoo! SiteBuilder.lnk
    2012-10-01 20:20 - 2008-06-09 23:32 - 00139264 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-10-01 20:20 - 2008-06-09 22:21 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-10-01 20:20 - 2008-06-09 22:21 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-10-01 20:19 - 2012-10-01 20:20 - 00000000 ____D C:\Program Files (x86)\Java
    2012-10-01 19:12 - 2012-10-03 19:58 - 00000000 ____D C:\Program Files (x86)\Yahoo SiteBuilder
    2012-10-01 19:04 - 2012-10-01 19:04 - 00000000 ____D C:\Users\Pradeep\Desktop\sites
    2012-10-01 18:26 - 2012-10-01 18:32 - 00000000 ____D C:\Users\Pradeep\Desktop\Website Thumbnails
    2012-09-30 18:22 - 2012-09-30 18:22 - 00080167 ____A C:\Users\Pradeep\Downloads\Vacuole Stuff.pptx
    2012-09-27 07:08 - 2012-09-27 10:07 - 00160992 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
    2012-09-25 10:59 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-23 00:02 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-23 00:02 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-23 00:02 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-23 00:02 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-23 00:02 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-23 00:02 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-23 00:02 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-23 00:02 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-23 00:02 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-23 00:02 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-23 00:02 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-23 00:02 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-23 00:02 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-23 00:02 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-23 00:02 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-23 00:02 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-23 00:02 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-23 00:02 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-23 00:02 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-23 00:02 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-23 00:02 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-23 00:02 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-23 00:02 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-23 00:02 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-23 00:02 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-23 00:02 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-23 00:02 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-23 00:02 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-23 00:02 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-23 00:02 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-23 00:02 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-23 00:02 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-20 15:32 - 2012-09-23 12:35 - 00225280 ____A C:\Users\Pradeep\Desktop\interest-only-loan.xls
    ==================== 3 Months Modified Files ==================
    2012-10-18 20:04 - 2012-10-18 20:04 - 00272176 ____A C:\Windows\Minidump\101812-97313-01.dmp
    2012-10-18 20:03 - 2012-10-17 19:06 - 270669620 ____A C:\Windows\MEMORY.DMP
    2012-10-18 20:00 - 2012-04-22 16:33 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-18 20:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-18 19:59 - 2012-10-17 19:02 - 00000392 ____A C:\Windows\setupact.log
    2012-10-18 18:47 - 2012-10-18 18:47 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-10-18 18:43 - 2009-07-13 21:13 - 00782922 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-17 21:03 - 2012-10-17 21:03 - 00272176 ____A C:\Windows\Minidump\101812-89076-01.dmp
    2012-10-17 20:34 - 2012-10-17 20:34 - 00272176 ____A C:\Windows\Minidump\101712-97609-01.dmp
    2012-10-17 20:06 - 2012-10-17 20:05 - 00272176 ____A C:\Windows\Minidump\101712-102648-01.dmp
    2012-10-17 19:51 - 2010-11-20 19:47 - 00553406 ____A C:\Windows\PFRO.log
    2012-10-17 19:25 - 2012-10-17 19:25 - 00272176 ____A C:\Windows\Minidump\101712-100495-01.dmp
    2012-10-17 19:22 - 2012-04-22 13:56 - 01737558 ____A C:\Windows\WindowsUpdate.log
    2012-10-17 19:17 - 2012-10-17 18:36 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-17 19:06 - 2012-10-17 19:06 - 00272176 ____A C:\Windows\Minidump\101712-37268-01.dmp
    2012-10-17 19:02 - 2012-10-17 19:02 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-15 17:46 - 2012-04-23 18:11 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262249602-3662098830-2808129073-1000UA.job
    2012-10-15 17:45 - 2012-04-22 16:33 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-15 17:22 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-15 17:22 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-13 00:00 - 2012-04-23 18:11 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262249602-3662098830-2808129073-1000Core.job
    2012-10-11 07:50 - 2012-04-23 18:12 - 00002504 ____A C:\Users\Pradeep\Desktop\Google Chrome.lnk
    2012-10-06 14:29 - 2012-10-06 14:29 - 00023396 ____A C:\Users\Pradeep\Downloads\hindi_movie_omg_oh_my_god_watch_online.html
    2012-10-06 13:25 - 2012-10-06 13:25 - 00000957 ____A C:\Users\Public\Desktop\iLivid Download Manager.lnk
    2012-10-05 07:09 - 2012-04-25 15:31 - 00795928 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-10-03 11:21 - 2012-10-03 11:21 - 00000380 ____A C:\edu.bmp
    2012-10-03 11:21 - 2012-10-03 11:21 - 00000304 ____A C:\dir.bmp
    2012-10-02 17:28 - 2012-06-30 09:55 - 00002264 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2012-10-01 20:21 - 2012-10-01 20:21 - 00002008 ____A C:\Users\Pradeep\Desktop\Yahoo! SiteBuilder.lnk
    2012-10-01 20:20 - 2012-08-05 09:13 - 00006541 ____A C:\Windows\SysWOW64\jupdate-1.6.0_07-b06.log
    2012-09-30 18:22 - 2012-09-30 18:22 - 00080167 ____A C:\Users\Pradeep\Downloads\Vacuole Stuff.pptx
    2012-09-29 16:54 - 2012-10-17 18:36 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-27 21:32 - 2012-10-18 18:41 - 62968832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-09-27 10:07 - 2012-09-27 07:08 - 00160992 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
    2012-09-23 12:35 - 2012-09-20 15:32 - 00225280 ____A C:\Users\Pradeep\Desktop\interest-only-loan.xls
    2012-09-14 11:19 - 2012-10-10 05:07 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-10 05:07 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-08-31 10:19 - 2012-10-10 05:08 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-25 14:00 - 2012-08-25 14:00 - 00001456 ____A C:\Users\Pradeep\AppData\Local\Adobe Save for Web 13.0 Prefs
    2012-08-24 10:05 - 2012-10-10 05:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-10 05:07 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-23 00:02 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-23 00:02 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-23 00:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-23 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-23 00:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-23 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-23 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-23 00:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-23 00:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-23 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-23 00:02 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-23 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-23 00:02 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-23 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-23 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-23 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-23 00:02 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-23 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-23 00:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-23 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-23 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-23 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-23 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-23 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-23 00:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-23 00:02 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-23 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-23 00:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-23 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-23 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-23 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-23 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:02 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:02 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:02 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:02 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-25 10:59 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-10 05:08 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-10 05:08 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-10 05:08 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-10 05:08 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-10 05:08 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-10 05:08 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-10 05:08 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-10 05:08 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-10 05:08 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-10 05:08 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-10 05:08 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-10 05:08 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-10 05:08 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-10 05:08 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 08:47 - 2012-07-30 19:07 - 00001112 ____A C:\Users\Pradeep\Desktop\Adobe Premiere Pro CS6.lnk
    2012-08-20 08:47 - 2012-07-30 19:07 - 00001109 ____A C:\Users\Pradeep\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
    2012-08-20 07:38 - 2012-10-10 05:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-10 05:08 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-10 05:08 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 05:08 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 05:08 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 05:08 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-19 08:00 - 2009-07-13 20:45 - 05168344 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-12 10:31 - 2012-08-12 10:31 - 00001198 ____A C:\Users\Pradeep\Desktop\IsoBuster.lnk
    2012-08-10 16:56 - 2012-10-10 05:07 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-10 05:07 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-07 19:12 - 2012-08-07 19:12 - 11531944 ____A C:\Users\Pradeep\Desktop\visualslideshow.zip
    2012-08-06 17:29 - 2012-08-06 17:29 - 00000000 ____A C:\Users\Pradeep\Downloads\THUNDER.partial
    2012-08-05 10:33 - 2012-08-05 10:33 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-08-02 09:58 - 2012-09-12 04:02 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-12 04:02 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-29 13:42 - 2012-07-29 13:41 - 14062292 ____A C:\Users\Pradeep\Downloads\vsi5257m.zip
    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-06-28 12:13:09
    Restore point made on: 2012-06-28 15:51:08
    Restore point made on: 2012-07-05 19:09:29
    Restore point made on: 2012-07-10 20:13:15
    Restore point made on: 2012-07-22 15:51:30
    Restore point made on: 2012-08-04 12:27:05
    Restore point made on: 2012-08-05 09:12:08
    Restore point made on: 2012-08-12 12:30:57
    Restore point made on: 2012-08-16 19:37:21
    Restore point made on: 2012-08-26 16:10:45
    Restore point made on: 2012-09-03 15:26:16
    Restore point made on: 2012-09-11 13:55:01
    Restore point made on: 2012-09-13 00:00:55
    Restore point made on: 2012-09-20 13:10:37
    Restore point made on: 2012-09-23 00:01:39
    Restore point made on: 2012-09-25 20:25:55
    Restore point made on: 2012-10-01 19:06:40
    Restore point made on: 2012-10-01 19:10:10
    Restore point made on: 2012-10-01 20:14:57
    Restore point made on: 2012-10-01 20:19:15
    Restore point made on: 2012-10-09 07:34:03
    Restore point made on: 2012-10-10 18:49:58
    Restore point made on: 2012-10-11 19:29:53
    Restore point made on: 2012-10-13 00:02:13
    Restore point made on: 2012-10-14 00:01:15
    Restore point made on: 2012-10-15 00:00:36
    Restore point made on: 2012-10-15 16:59:08
    ==================== Memory info ===========================
    Percentage of memory in use: 22%
    Total physical RAM: 2046.45 MB
    Available physical RAM: 1577 MB
    Total Pagefile: 2046.45 MB
    Available Pagefile: 1562.98 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: (HP) (Fixed) (Total:226.4 GB) (Free:133.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (NEW_VOLUME) (Fixed) (Total:232.88 GB) (Free:209.72 GB) NTFS
    3 Drive e: (Recovery) (Fixed) (Total:6.48 GB) (Free:0.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    11 Drive m: () (Removable) (Total:0.98 GB) (Free:0.63 GB) FAT
    12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 1024 KB
    Disk 1 Online 232 GB 1024 KB
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 Online 1004 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 226 GB 31 KB
    Partition 2 Primary 6636 MB 226 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C HP NTFS Partition 226 GB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 6636 MB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 232 GB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D NEW_VOLUME NTFS Partition 232 GB Healthy
    =========================================================
    Partitions of Disk 7:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1004 MB 16 KB
    ==================================================================================
    Disk: 7
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 10 M FAT Removable 1004 MB Healthy
    =========================================================
    Last Boot: 2012-10-06 18:45
    ==================== End Of Log =============================
     
  4. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    Farbar Recovery Scan Tool (x64) Version: 16-10-2012
    Ran by SYSTEM at 2012-10-19 20:38:06
    Running from M:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
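Two of the checks FRST performed above (flagging a core binary such as svchost.exe that sits in C:\Windows instead of System32/SysWOW64, and comparing the MD5 of System32\services.exe against the winsxs copy) can be reproduced over the log text itself. The script below is an added example and is not code from the thread or from FRST; the log lines and hash values in it are constructed placeholders.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of the forum thread or of FRST itself. It applies
two checks the FRST output in the thread illustrates: a core Windows binary
(svchost.exe, services.exe, ...) sitting outside the directories Windows
keeps it in, and two copies of the same binary reporting different MD5
hashes in an FRST "Search:" result. Sample lines below are constructed;
the hash values are placeholders, not real file hashes.
"""
import re
from collections import defaultdict

# Names Windows keeps only in System32 / SysWOW64 (plus the winsxs store).
CORE_BINARIES = {
    "svchost.exe", "services.exe", "winlogon.exe", "wininit.exe",
    "userinit.exe", "explorer.exe", "lsass.exe", "csrss.exe",
}
DEFAULT_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# explorer.exe legitimately lives directly in C:\Windows as well.
EXPECTED_DIRS = {"explorer.exe": DEFAULT_DIRS | {"c:\\windows"}}
WINSXS_PREFIX = "c:\\windows\\winsxs\\"

# One line of an FRST file listing, e.g.
# "2012-10-18 20:04 - 2012-10-18 20:04 - 00272176 ____A (Vendor) C:\path\file"
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attr>\S+) (?:\((?P<vendor>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# Hash line under an FRST "Search:" hit (the file path is on the line before):
# "[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Vendor) <MD5>"
HASH_LINE = re.compile(
    r"^\[.*?\] - \[.*?\] - \d+ \S+ (?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def misplaced_core_binaries(lines):
    """Return paths of core Windows binaries found outside their expected directories."""
    hits = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue  # header, blank or ATTENTION line: not a file entry
        path = m.group("path")
        directory, _, name = path.rpartition("\\")
        name_l, dir_l = name.lower(), directory.lower()
        if name_l not in CORE_BINARIES:
            continue
        allowed = EXPECTED_DIRS.get(name_l, DEFAULT_DIRS)
        if dir_l in allowed or dir_l.startswith(WINSXS_PREFIX):
            continue
        hits.append(path)
    return hits


def md5_conflicts(search_lines):
    """Group MD5s in an FRST search result by file name; return names whose copies disagree."""
    hashes = defaultdict(set)
    current = None
    for line in search_lines:
        line = line.strip()
        if DRIVE_PATH.match(line):
            current = line.rpartition("\\")[2].lower()  # path line names the file
            continue
        m = HASH_LINE.match(line)
        if m and current:
            hashes[current].add(m.group("md5").upper())
    return {name: sorted(v) for name, v in hashes.items() if len(v) > 1}


# Constructed sample of a "Modified Files" listing: the svchost.exe copy in
# C:\Windows is the kind of entry FRST flagged in the thread.
SAMPLE_FILE_LINES = [
    r"2012-10-18 20:04 - 2012-10-18 20:04 - 00272176 ____A C:\Windows\Minidump\101812-97313-01.dmp",
    r"2012-10-10 05:08 - 2012-10-10 05:08 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe",
    r"2012-10-06 14:30 - 2012-10-06 14:30 - 00027136 ____A C:\Windows\svchost.exe",
    r"2012-08-20 10:46 - 2012-10-10 05:08 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe",
]

# Constructed sample of a "Search:" result; placeholder hashes, the second
# services.exe copy deliberately differs from its winsxs counterpart.
SAMPLE_SEARCH_LINES = [
    r"C:\Windows\winsxs\amd64_placeholder_component\services.exe",
    "[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF",
    r"C:\Windows\System32\services.exe",
    "[2009-07-13 15:19] - [2012-10-06 14:30] - 0328704 ____A (Microsoft Corporation) FEDCBA9876543210FEDCBA9876543210",
    r"C:\Windows\winsxs\amd64_placeholder_component\winlogon.exe",
    "[2009-07-13 15:19] - [2009-07-13 17:39] - 0390656 ____A (Microsoft Corporation) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    r"C:\Windows\System32\winlogon.exe",
    "[2009-07-13 15:19] - [2009-07-13 17:39] - 0390656 ____A (Microsoft Corporation) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
]

if __name__ == "__main__":
    for p in misplaced_core_binaries(SAMPLE_FILE_LINES):
        print("core binary in unexpected location:", p)
    for name, md5s in md5_conflicts(SAMPLE_SEARCH_LINES).items():
        print("MD5 mismatch between copies of", name, md5s)
```

A real run would feed it the full FRST.txt and Search.txt text; an unexpected location or a hash mismatch is a lead to investigate, not proof of infection on its own.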
     
  5. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     

    Attached Files:

  6. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    Attached below is the FRST Fix Log.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012
    Ran by SYSTEM at 2012-10-20 15:39:24 Run:1
    Running from M:\
    ==============================================

    The operation completed successfully.
    The operation completed successfully.
    C:\Windows\svchost.exe moved successfully.
    ==== End of Fixlog ====
     
  7. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    Tried to run the machine in normal mode three times after running the FRST Fix, but the BSOD showed up every time and the machine shut off and restarted.
    Then ran the machine in safe mode and tried to download TDSSKiller, but the machine froze and it did not work. Saved TDSSKiller to the flash drive, extracted it on the desktop of the infected machine and ran it successfully. The report is attached below. TDSSKiller displayed a Reboot message, and the good news is that after it rebooted, the blue screen did not appear in normal mode and the machine did not shut off.

    18:02:38.0300 2468 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:02:38.0846 2468 ============================================================
    18:02:38.0846 2468 Current date / time: 2012/10/20 18:02:38.0846
    18:02:38.0846 2468 SystemInfo:
    18:02:38.0846 2468
    18:02:38.0846 2468 OS Version: 6.1.7601 ServicePack: 1.0
    18:02:38.0846 2468 Product type: Workstation
    18:02:38.0846 2468 ComputerName: PRADEEPS-PC
    18:02:38.0846 2468 UserName: Pradeep
    18:02:38.0846 2468 Windows directory: C:\Windows
    18:02:38.0846 2468 System windows directory: C:\Windows
    18:02:38.0846 2468 Running under WOW64
    18:02:38.0846 2468 Processor architecture: Intel x64
    18:02:38.0846 2468 Number of processors: 2
    18:02:38.0846 2468 Page size: 0x1000
    18:02:38.0846 2468 Boot type: Normal boot
    18:02:38.0846 2468 ============================================================
    18:02:40.0156 2468 BG loaded
    18:02:40.0468 2468 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:02:40.0468 2468 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:02:40.0499 2468 Drive \Device\Harddisk7\DR7 - Size: 0x3EC80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:02:40.0499 2468 ============================================================
    18:02:40.0499 2468 \Device\Harddisk0\DR0:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C4CE374
    18:02:40.0499 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C4CE3B3, BlocksNum 0xCF61CE
    18:02:40.0499 2468 \Device\Harddisk1\DR1:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    18:02:40.0499 2468 \Device\Harddisk7\DR7:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F63E0
    18:02:40.0499 2468 ============================================================
    18:02:40.0515 2468 C: <-> \Device\Harddisk0\DR0\Partition1
    18:02:40.0515 2468 D: <-> \Device\Harddisk1\DR1\Partition1
    18:02:40.0562 2468 E: <-> \Device\Harddisk0\DR0\Partition2
    18:02:40.0562 2468 ============================================================
    18:02:40.0562 2468 Initialize success
    18:02:40.0562 2468 ============================================================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Very good but TDSSKiller log is incomplete.
    Please post a whole log.
     
  9. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    Sorry, earlier I posted the log from the TDSSKiller Report section.

    Attached below are the three logs that were created at the C: location.

    18:02:38.0300 2468 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:02:38.0846 2468 ============================================================
    18:02:38.0846 2468 Current date / time: 2012/10/20 18:02:38.0846
    18:02:38.0846 2468 SystemInfo:
    18:02:38.0846 2468
    18:02:38.0846 2468 OS Version: 6.1.7601 ServicePack: 1.0
    18:02:38.0846 2468 Product type: Workstation
    18:02:38.0846 2468 ComputerName: PRADEEPS-PC
    18:02:38.0846 2468 UserName: Pradeep
    18:02:38.0846 2468 Windows directory: C:\Windows
    18:02:38.0846 2468 System windows directory: C:\Windows
    18:02:38.0846 2468 Running under WOW64
    18:02:38.0846 2468 Processor architecture: Intel x64
    18:02:38.0846 2468 Number of processors: 2
    18:02:38.0846 2468 Page size: 0x1000
    18:02:38.0846 2468 Boot type: Normal boot
    18:02:38.0846 2468 ============================================================
    18:02:40.0156 2468 BG loaded
    18:02:40.0468 2468 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:02:40.0468 2468 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:02:40.0499 2468 Drive \Device\Harddisk7\DR7 - Size: 0x3EC80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:02:40.0499 2468 ============================================================
    18:02:40.0499 2468 \Device\Harddisk0\DR0:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C4CE374
    18:02:40.0499 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C4CE3B3, BlocksNum 0xCF61CE
    18:02:40.0499 2468 \Device\Harddisk1\DR1:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    18:02:40.0499 2468 \Device\Harddisk7\DR7:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F63E0
    18:02:40.0499 2468 ============================================================
    18:02:40.0515 2468 C: <-> \Device\Harddisk0\DR0\Partition1
    18:02:40.0515 2468 D: <-> \Device\Harddisk1\DR1\Partition1
    18:02:40.0562 2468 E: <-> \Device\Harddisk0\DR0\Partition2
    18:02:40.0562 2468 ============================================================
    18:02:40.0562 2468 Initialize success
    18:02:40.0562 2468 ============================================================
     
  10. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    18:00:55.0062 2796 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:00:55.0561 2796 ============================================================
    18:00:55.0561 2796 Current date / time: 2012/10/20 18:00:55.0561
    18:00:55.0561 2796 SystemInfo:
    18:00:55.0561 2796
    18:00:55.0561 2796 OS Version: 6.1.7601 ServicePack: 1.0
    18:00:55.0561 2796 Product type: Workstation
    18:00:55.0561 2796 ComputerName: PRADEEPS-PC
    18:00:55.0561 2796 UserName: Pradeep
    18:00:55.0561 2796 Windows directory: C:\Windows
    18:00:55.0561 2796 System windows directory: C:\Windows
    18:00:55.0561 2796 Running under WOW64
    18:00:55.0561 2796 Processor architecture: Intel x64
    18:00:55.0561 2796 Number of processors: 2
    18:00:55.0561 2796 Page size: 0x1000
    18:00:55.0561 2796 Boot type: Normal boot
    18:00:55.0561 2796 ============================================================
    18:00:57.0371 2796 BG loaded
    18:00:58.0229 2796 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:00:58.0276 2796 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:00:58.0307 2796 Drive \Device\Harddisk7\DR7 - Size: 0x3EC80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:00:58.0307 2796 ============================================================
    18:00:58.0307 2796 \Device\Harddisk0\DR0:
    18:00:58.0322 2796 MBR partitions:
    18:00:58.0322 2796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C4CE374
    18:00:58.0322 2796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C4CE3B3, BlocksNum 0xCF61CE
    18:00:58.0322 2796 \Device\Harddisk1\DR1:
    18:00:58.0322 2796 MBR partitions:
    18:00:58.0322 2796 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    18:00:58.0322 2796 \Device\Harddisk7\DR7:
    18:00:58.0322 2796 MBR partitions:
    18:00:58.0322 2796 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F63E0
    18:00:58.0322 2796 ============================================================
    18:00:58.0369 2796 C: <-> \Device\Harddisk0\DR0\Partition1
    18:00:58.0369 2796 D: <-> \Device\Harddisk1\DR1\Partition1
    18:00:58.0416 2796 E: <-> \Device\Harddisk0\DR0\Partition2
    18:00:58.0416 2796 ============================================================
    18:00:58.0416 2796 Initialize success
    18:00:58.0416 2796 ============================================================
    18:01:59.0347 2452 Deinitialize success
     
  11. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    This is still not a full log.
    If that's all you have re-run the tool.
     
     
  12. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    17:56:14.0291 1204 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    17:56:15.0401 1204 ============================================================
    17:56:15.0401 1204 Current date / time: 2012/10/20 17:56:15.0401
    17:56:15.0401 1204 SystemInfo:
    17:56:15.0401 1204
    17:56:15.0401 1204 OS Version: 6.1.7601 ServicePack: 1.0
    17:56:15.0401 1204 Product type: Workstation
    17:56:15.0401 1204 ComputerName: PRADEEPS-PC
    17:56:15.0401 1204 UserName: Pradeep
    17:56:15.0401 1204 Windows directory: C:\Windows
    17:56:15.0401 1204 System windows directory: C:\Windows
    17:56:15.0401 1204 Running under WOW64
    17:56:15.0401 1204 Processor architecture: Intel x64
    17:56:15.0401 1204 Number of processors: 2
    17:56:15.0401 1204 Page size: 0x1000
    17:56:15.0401 1204 Boot type: Safe boot with network
    17:56:15.0401 1204 ============================================================
    17:56:22.0989 1204 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:56:22.0989 1204 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:56:23.0002 1204 Drive \Device\Harddisk6\DR9 - Size: 0x3EC80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:56:23.0020 1204 ============================================================
    17:56:23.0020 1204 \Device\Harddisk0\DR0:
    17:56:23.0020 1204 MBR partitions:
    17:56:23.0020 1204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C4CE374
    17:56:23.0020 1204 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C4CE3B3, BlocksNum 0xCF61CE
    17:56:23.0020 1204 \Device\Harddisk1\DR1:
    17:56:23.0021 1204 MBR partitions:
    17:56:23.0021 1204 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    17:56:23.0021 1204 \Device\Harddisk6\DR9:
    17:56:23.0021 1204 MBR partitions:
    17:56:23.0021 1204 \Device\Harddisk6\DR9\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F63E0
    17:56:23.0021 1204 ============================================================
    17:56:23.0045 1204 C: <-> \Device\Harddisk0\DR0\Partition1
    17:56:23.0047 1204 D: <-> \Device\Harddisk1\DR1\Partition1
    17:56:23.0096 1204 E: <-> \Device\Harddisk0\DR0\Partition2
    17:56:23.0096 1204 ============================================================
    17:56:23.0096 1204 Initialize success
    17:56:23.0096 1204 ============================================================
    17:56:39.0778 2136 ============================================================
    17:56:39.0778 2136 Scan started
    17:56:39.0778 2136 Mode: Manual;
    17:56:39.0778 2136 ============================================================
    17:56:41.0655 2136 ================ Scan system memory ========================
    17:56:41.0655 2136 System memory - ok
    17:56:41.0655 2136 ================ Scan services =============================
    17:56:41.0762 2136 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    17:56:41.0764 2136 !SASCORE - ok
    17:56:42.0014 2136 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    17:56:42.0017 2136 1394ohci - ok
    17:56:42.0075 2136 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    17:56:42.0082 2136 ACPI - ok
    17:56:42.0116 2136 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    17:56:42.0117 2136 AcpiPmi - ok
    17:56:42.0292 2136 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:56:42.0294 2136 AdobeARMservice - ok
    17:56:42.0354 2136 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    17:56:42.0372 2136 adp94xx - ok
    17:56:42.0394 2136 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    17:56:42.0409 2136 adpahci - ok
    17:56:42.0424 2136 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    17:56:42.0427 2136 adpu320 - ok
    17:56:42.0471 2136 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    17:56:42.0480 2136 AeLookupSvc - ok
    17:56:42.0578 2136 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    17:56:42.0595 2136 AFD - ok
    17:56:42.0653 2136 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    17:56:42.0655 2136 agp440 - ok
    17:56:42.0702 2136 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    17:56:42.0704 2136 ALG - ok
    17:56:42.0754 2136 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    17:56:42.0755 2136 aliide - ok
    17:56:42.0794 2136 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    17:56:42.0795 2136 amdide - ok
    17:56:42.0837 2136 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    17:56:42.0838 2136 AmdK8 - ok
    17:56:42.0865 2136 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    17:56:42.0867 2136 AmdPPM - ok
    17:56:42.0929 2136 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    17:56:42.0931 2136 amdsata - ok
    17:56:42.0978 2136 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    17:56:42.0981 2136 amdsbs - ok
    17:56:42.0999 2136 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    17:56:43.0000 2136 amdxata - ok
    17:56:43.0082 2136 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    17:56:43.0083 2136 AppID - ok
    17:56:43.0128 2136 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    17:56:43.0129 2136 AppIDSvc - ok
    17:56:43.0146 2136 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    17:56:43.0148 2136 Appinfo - ok
    17:56:43.0263 2136 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:56:43.0265 2136 Apple Mobile Device - ok
    17:56:43.0347 2136 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    17:56:43.0350 2136 AppMgmt - ok
    17:56:43.0374 2136 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    17:56:43.0375 2136 arc - ok
    17:56:43.0410 2136 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    17:56:43.0412 2136 arcsas - ok
    17:56:43.0599 2136 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    17:56:43.0672 2136 aspnet_state - ok
    17:56:43.0714 2136 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    17:56:43.0715 2136 AsyncMac - ok
    17:56:43.0770 2136 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    17:56:43.0771 2136 atapi - ok
    17:56:43.0873 2136 [ 8C56E93749BA53A4B645963D3439E01E ] athr C:\Windows\system32\DRIVERS\athrx.sys
    17:56:43.0916 2136 athr - ok
    17:56:43.0982 2136 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    17:56:44.0010 2136 AudioEndpointBuilder - ok
    17:56:44.0028 2136 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    17:56:44.0032 2136 AudioSrv - ok
    17:56:44.0103 2136 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    17:56:44.0105 2136 AxInstSV - ok
    17:56:44.0186 2136 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    17:56:44.0203 2136 b06bdrv - ok
    17:56:44.0277 2136 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:56:44.0281 2136 b57nd60a - ok
    17:56:44.0308 2136 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    17:56:44.0312 2136 BDESVC - ok
    17:56:44.0379 2136 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    17:56:44.0380 2136 Beep - ok
    17:56:44.0453 2136 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    17:56:44.0490 2136 BFE - ok
    17:56:44.0792 2136 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
    17:56:44.0838 2136 BHDrvx64 - ok
    17:56:44.0918 2136 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    17:56:45.0061 2136 BITS - ok
    17:56:45.0138 2136 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    17:56:45.0139 2136 blbdrive - ok
    17:56:45.0230 2136 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    17:56:45.0247 2136 Bonjour Service - ok
    17:56:45.0334 2136 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    17:56:45.0336 2136 bowser - ok
    17:56:45.0398 2136 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    17:56:45.0399 2136 BrFiltLo - ok
    17:56:45.0433 2136 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    17:56:45.0434 2136 BrFiltUp - ok
    17:56:45.0478 2136 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    17:56:45.0481 2136 Browser - ok
    17:56:45.0514 2136 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    17:56:45.0518 2136 Brserid - ok
    17:56:45.0532 2136 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    17:56:45.0533 2136 BrSerWdm - ok
    17:56:45.0549 2136 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:56:45.0549 2136 BrUsbMdm - ok
    17:56:45.0583 2136 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    17:56:45.0584 2136 BrUsbSer - ok
    17:56:45.0635 2136 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    17:56:45.0636 2136 BTHMODEM - ok
    17:56:45.0695 2136 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    17:56:45.0696 2136 bthserv - ok
    17:56:45.0802 2136 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
    17:56:45.0804 2136 ccSet_N360 - ok
    17:56:45.0862 2136 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    17:56:45.0864 2136 cdfs - ok
    17:56:45.0914 2136 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    17:56:45.0917 2136 cdrom - ok
    17:56:45.0980 2136 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    17:56:45.0982 2136 CertPropSvc - ok
    17:56:46.0021 2136 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    17:56:46.0022 2136 circlass - ok
    17:56:46.0057 2136 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    17:56:46.0071 2136 CLFS - ok
    17:56:46.0171 2136 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:56:46.0175 2136 clr_optimization_v2.0.50727_32 - ok
    17:56:46.0235 2136 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:56:46.0238 2136 clr_optimization_v2.0.50727_64 - ok
    17:56:46.0363 2136 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:56:46.0481 2136 clr_optimization_v4.0.30319_32 - ok
    17:56:46.0528 2136 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:56:46.0560 2136 clr_optimization_v4.0.30319_64 - ok
    17:56:46.0593 2136 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    17:56:46.0593 2136 CmBatt - ok
    17:56:46.0608 2136 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    17:56:46.0609 2136 cmdide - ok
    17:56:46.0672 2136 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    17:56:46.0680 2136 CNG - ok
    17:56:46.0733 2136 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    17:56:46.0734 2136 Compbatt - ok
    17:56:46.0778 2136 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:56:46.0779 2136 CompositeBus - ok
    17:56:46.0812 2136 COMSysApp - ok
    17:56:46.0830 2136 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    17:56:46.0831 2136 crcdisk - ok
    17:56:46.0897 2136 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    17:56:46.0900 2136 CryptSvc - ok
    17:56:46.0961 2136 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    17:56:46.0978 2136 CSC - ok
    17:56:47.0047 2136 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    17:56:47.0085 2136 CscService - ok
    17:56:47.0145 2136 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    17:56:47.0179 2136 DcomLaunch - ok
    17:56:47.0259 2136 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    17:56:47.0267 2136 defragsvc - ok
    17:56:47.0326 2136 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    17:56:47.0328 2136 DfsC - ok
    17:56:47.0388 2136 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    17:56:47.0395 2136 Dhcp - ok
    17:56:47.0443 2136 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    17:56:47.0443 2136 discache - ok
    17:56:47.0496 2136 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    17:56:47.0497 2136 Disk - ok
    17:56:47.0540 2136 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
    17:56:47.0542 2136 dmvsc - ok
    17:56:47.0595 2136 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    17:56:47.0598 2136 Dnscache - ok
    17:56:47.0652 2136 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    17:56:47.0656 2136 dot3svc - ok
    17:56:47.0675 2136 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    17:56:47.0678 2136 DPS - ok
    17:56:47.0746 2136 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    17:56:47.0747 2136 drmkaud - ok
    17:56:47.0786 2136 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    17:56:47.0818 2136 DXGKrnl - ok
    17:56:47.0895 2136 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
    17:56:47.0899 2136 e1express - ok
    17:56:47.0944 2136 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    17:56:47.0946 2136 EapHost - ok
    17:56:48.0043 2136 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    17:56:48.0133 2136 ebdrv - ok
    17:56:48.0222 2136 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    17:56:48.0238 2136 eeCtrl - ok
    17:56:48.0280 2136 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    17:56:48.0282 2136 EFS - ok
    17:56:48.0377 2136 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    17:56:48.0403 2136 ehRecvr - ok
    17:56:48.0448 2136 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    17:56:48.0483 2136 ehSched - ok
    17:56:48.0540 2136 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    17:56:48.0558 2136 elxstor - ok
    17:56:48.0656 2136 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    17:56:48.0657 2136 EraserUtilRebootDrv - ok
    17:56:48.0720 2136 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    17:56:48.0721 2136 ErrDev - ok
    17:56:48.0807 2136 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    17:56:48.0841 2136 EventSystem - ok
    17:56:48.0875 2136 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    17:56:48.0878 2136 exfat - ok
    17:56:48.0908 2136 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:56:48.0911 2136 fastfat - ok
    17:56:48.0989 2136 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    17:56:49.0016 2136 Fax - ok
    17:56:49.0064 2136 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    17:56:49.0066 2136 fdc - ok
    17:56:49.0114 2136 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    17:56:49.0116 2136 fdPHost - ok
    17:56:49.0128 2136 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:56:49.0130 2136 FDResPub - ok
    17:56:49.0143 2136 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:56:49.0144 2136 FileInfo - ok
    17:56:49.0156 2136 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:56:49.0157 2136 Filetrace - ok
    17:56:49.0254 2136 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    17:56:49.0280 2136 FLEXnet Licensing Service - ok
    17:56:49.0345 2136 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    17:56:49.0346 2136 flpydisk - ok
    17:56:49.0364 2136 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:56:49.0367 2136 FltMgr - ok
    17:56:49.0440 2136 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    17:56:49.0480 2136 FontCache - ok
    17:56:49.0552 2136 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:56:49.0554 2136 FontCache3.0.0.0 - ok
    17:56:49.0569 2136 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:56:49.0570 2136 FsDepends - ok
    17:56:49.0615 2136 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:56:49.0616 2136 Fs_Rec - ok
    17:56:49.0670 2136 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    17:56:49.0673 2136 fvevol - ok
    17:56:49.0701 2136 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    17:56:49.0703 2136 gagp30kx - ok
    17:56:49.0761 2136 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:56:49.0762 2136 GEARAspiWDM - ok
    17:56:49.0820 2136 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    17:56:49.0846 2136 gpsvc - ok
    17:56:49.0935 2136 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:56:49.0938 2136 gupdate - ok
    17:56:49.0943 2136 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:56:49.0944 2136 gupdatem - ok
    17:56:50.0016 2136 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:56:50.0020 2136 gusvc - ok
    17:56:50.0061 2136 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    17:56:50.0062 2136 hcw85cir - ok
    17:56:50.0127 2136 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    17:56:50.0134 2136 HdAudAddService - ok
    17:56:50.0181 2136 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:56:50.0183 2136 HDAudBus - ok
    17:56:50.0225 2136 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    17:56:50.0226 2136 HidBatt - ok
    17:56:50.0258 2136 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    17:56:50.0260 2136 HidBth - ok
    17:56:50.0300 2136 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    17:56:50.0301 2136 HidIr - ok
    17:56:50.0330 2136 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    17:56:50.0332 2136 hidserv - ok
    17:56:50.0390 2136 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    17:56:50.0391 2136 HidUsb - ok
    17:56:50.0441 2136 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    17:56:50.0443 2136 hkmsvc - ok
    17:56:50.0471 2136 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    17:56:50.0475 2136 HomeGroupListener - ok
    17:56:50.0532 2136 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    17:56:50.0536 2136 HomeGroupProvider - ok
    17:56:50.0569 2136 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    17:56:50.0571 2136 HpSAMD - ok
    17:56:50.0639 2136 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    17:56:50.0665 2136 HTTP - ok
    17:56:50.0684 2136 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    17:56:50.0685 2136 hwpolicy - ok
    17:56:50.0725 2136 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    17:56:50.0726 2136 i8042prt - ok
    17:56:50.0793 2136 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    17:56:50.0796 2136 iaStorV - ok
    17:56:50.0875 2136 [ 6F37465EAF6E043A20B432228FED2BF5 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
    17:56:50.0878 2136 IDMWFP - ok
    17:56:50.0983 2136 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:56:51.0017 2136 idsvc - ok
    17:56:51.0178 2136 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121019.001\IDSvia64.sys
    17:56:51.0196 2136 IDSVia64 - ok
    17:56:51.0240 2136 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    17:56:51.0241 2136 iirsp - ok
    17:56:51.0299 2136 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    17:56:51.0333 2136 IKEEXT - ok
    17:56:51.0378 2136 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    17:56:51.0379 2136 intelide - ok
    17:56:51.0432 2136 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    17:56:51.0434 2136 intelppm - ok
    17:56:51.0450 2136 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    17:56:51.0452 2136 IPBusEnum - ok
    17:56:51.0488 2136 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:56:51.0489 2136 IpFilterDriver - ok
    17:56:51.0529 2136 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    17:56:51.0547 2136 iphlpsvc - ok
    17:56:51.0557 2136 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    17:56:51.0559 2136 IPMIDRV - ok
    17:56:51.0594 2136 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    17:56:51.0596 2136 IPNAT - ok
    17:56:51.0694 2136 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    17:56:51.0720 2136 iPod Service - ok
    17:56:51.0803 2136 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    17:56:51.0843 2136 IRENUM - ok
    17:56:51.0857 2136 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    17:56:51.0859 2136 isapnp - ok
    17:56:51.0915 2136 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    17:56:51.0919 2136 iScsiPrt - ok
    17:56:51.0929 2136 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    17:56:51.0930 2136 kbdclass - ok
    17:56:51.0970 2136 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    17:56:51.0971 2136 kbdhid - ok
  13. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    17:57:09.0465 2136 wbengine - ok
    17:57:09.0515 2136 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:57:09.0515 2136 WbioSrvc - ok
    17:57:09.0575 2136 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:57:09.0595 2136 wcncsvc - ok
    17:57:09.0635 2136 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:57:09.0635 2136 WcsPlugInService - ok
    17:57:09.0655 2136 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    17:57:09.0655 2136 Wd - ok
    17:57:09.0715 2136 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:57:09.0735 2136 Wdf01000 - ok
    17:57:09.0785 2136 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:57:09.0785 2136 WdiServiceHost - ok
    17:57:09.0795 2136 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:57:09.0795 2136 WdiSystemHost - ok
    17:57:09.0845 2136 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    17:57:09.0845 2136 WebClient - ok
    17:57:09.0905 2136 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:57:09.0915 2136 Wecsvc - ok
    17:57:09.0965 2136 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:57:09.0965 2136 wercplsupport - ok
    17:57:10.0025 2136 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:57:10.0025 2136 WerSvc - ok
    17:57:10.0085 2136 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:57:10.0085 2136 WfpLwf - ok
    17:57:10.0135 2136 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:57:10.0135 2136 WIMMount - ok
    17:57:10.0195 2136 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    17:57:10.0215 2136 winachsf - ok
    17:57:10.0265 2136 WinDefend - ok
    17:57:10.0315 2136 WinHttpAutoProxySvc - ok
    17:57:10.0455 2136 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:57:10.0455 2136 Winmgmt - ok
    17:57:10.0555 2136 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    17:57:10.0655 2136 WinRM - ok
    17:57:10.0745 2136 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    17:57:10.0745 2136 WinUsb - ok
    17:57:10.0825 2136 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:57:10.0855 2136 Wlansvc - ok
    17:57:10.0905 2136 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    17:57:10.0905 2136 WmiAcpi - ok
    17:57:10.0975 2136 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:57:10.0975 2136 wmiApSrv - ok
    17:57:11.0025 2136 WMPNetworkSvc - ok
    17:57:11.0095 2136 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:57:11.0095 2136 WPCSvc - ok
    17:57:11.0115 2136 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:57:11.0115 2136 WPDBusEnum - ok
    17:57:11.0195 2136 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:57:11.0195 2136 ws2ifsl - ok
    17:57:11.0205 2136 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    17:57:11.0215 2136 wscsvc - ok
    17:57:11.0215 2136 WSearch - ok
    17:57:11.0335 2136 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    17:57:11.0455 2136 wuauserv - ok
    17:57:11.0495 2136 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:57:11.0505 2136 WudfPf - ok
    17:57:11.0555 2136 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:57:11.0565 2136 WUDFRd - ok
    17:57:11.0635 2136 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:57:11.0635 2136 wudfsvc - ok
    17:57:11.0695 2136 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:57:11.0705 2136 WwanSvc - ok
    17:57:11.0815 2136 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    17:57:11.0835 2136 YahooAUService - ok
    17:57:11.0875 2136 ================ Scan global ===============================
    17:57:11.0925 2136 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    17:57:11.0985 2136 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    17:57:11.0985 2136 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    17:57:12.0055 2136 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    17:57:12.0115 2136 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    17:57:12.0125 2136 [Global] - ok
    17:57:12.0125 2136 ================ Scan MBR ==================================
    17:57:12.0195 2136 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    17:57:12.0195 2136 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    17:57:12.0225 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    17:57:12.0225 2136 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    17:57:12.0225 2136 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    17:57:12.0235 2136 \Device\Harddisk1\DR1 - ok
    17:57:12.0245 2136 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk6\DR9
    17:57:14.0915 2136 \Device\Harddisk6\DR9 - ok
    17:57:14.0915 2136 ================ Scan VBR ==================================
    17:57:14.0915 2136 [ 9D678453D2FB0ACCAB7E7767067B8844 ] \Device\Harddisk0\DR0\Partition1
    17:57:14.0925 2136 \Device\Harddisk0\DR0\Partition1 - ok
    17:57:14.0955 2136 [ 14AFDF5CFBC9359AF32DA62239DC0108 ] \Device\Harddisk0\DR0\Partition2
    17:57:14.0955 2136 \Device\Harddisk0\DR0\Partition2 - ok
    17:57:14.0955 2136 [ 22FC5DF176425465F2A735243C700C1F ] \Device\Harddisk1\DR1\Partition1
    17:57:14.0955 2136 \Device\Harddisk1\DR1\Partition1 - ok
    17:57:14.0965 2136 [ 8EBE0E0E0571413D5A0433F69B030010 ] \Device\Harddisk6\DR9\Partition1
    17:57:14.0965 2136 \Device\Harddisk6\DR9\Partition1 - ok
    17:57:14.0965 2136 ============================================================
    17:57:14.0965 2136 Scan finished
    17:57:14.0965 2136 ============================================================
    17:57:14.0975 2992 Detected object count: 1
    17:57:14.0975 2992 Actual detected object count: 1
    17:58:33.0357 2992 \Device\Harddisk0\DR0\# - copied to quarantine
    17:58:33.0358 2992 \Device\Harddisk0\DR0 - copied to quarantine
    17:58:33.0427 2992 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    17:58:33.0428 2992 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    17:58:33.0432 2992 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    17:58:33.0435 2992 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    17:58:33.0443 2992 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    17:58:33.0449 2992 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    17:58:33.0450 2992 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    17:58:33.0451 2992 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    17:58:33.0452 2992 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    17:58:33.0454 2992 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    17:58:33.0456 2992 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    17:58:33.0457 2992 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    17:58:33.0459 2992 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    17:58:33.0460 2992 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    17:58:33.0482 2992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    17:58:33.0483 2992 \Device\Harddisk0\DR0 - ok
    17:58:33.0841 2992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    17:58:43.0060 2200 Deinitialize success
     
  14. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    18:00:55.0062 2796 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:00:55.0561 2796 ============================================================
    18:00:55.0561 2796 Current date / time: 2012/10/20 18:00:55.0561
    18:00:55.0561 2796 SystemInfo:
    18:00:55.0561 2796
    18:00:55.0561 2796 OS Version: 6.1.7601 ServicePack: 1.0
    18:00:55.0561 2796 Product type: Workstation
    18:00:55.0561 2796 ComputerName: PRADEEPS-PC
    18:00:55.0561 2796 UserName: Pradeep
    18:00:55.0561 2796 Windows directory: C:\Windows
    18:00:55.0561 2796 System windows directory: C:\Windows
    18:00:55.0561 2796 Running under WOW64
    18:00:55.0561 2796 Processor architecture: Intel x64
    18:00:55.0561 2796 Number of processors: 2
    18:00:55.0561 2796 Page size: 0x1000
    18:00:55.0561 2796 Boot type: Normal boot
    18:00:55.0561 2796 ============================================================
    18:00:57.0371 2796 BG loaded
    18:00:58.0229 2796 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:00:58.0276 2796 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:00:58.0307 2796 Drive \Device\Harddisk7\DR7 - Size: 0x3EC80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:00:58.0307 2796 ============================================================
    18:00:58.0307 2796 \Device\Harddisk0\DR0:
    18:00:58.0322 2796 MBR partitions:
    18:00:58.0322 2796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C4CE374
    18:00:58.0322 2796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C4CE3B3, BlocksNum 0xCF61CE
    18:00:58.0322 2796 \Device\Harddisk1\DR1:
    18:00:58.0322 2796 MBR partitions:
    18:00:58.0322 2796 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    18:00:58.0322 2796 \Device\Harddisk7\DR7:
    18:00:58.0322 2796 MBR partitions:
    18:00:58.0322 2796 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F63E0
    18:00:58.0322 2796 ============================================================
    18:00:58.0369 2796 C: <-> \Device\Harddisk0\DR0\Partition1
    18:00:58.0369 2796 D: <-> \Device\Harddisk1\DR1\Partition1
    18:00:58.0416 2796 E: <-> \Device\Harddisk0\DR0\Partition2
    18:00:58.0416 2796 ============================================================
    18:00:58.0416 2796 Initialize success
    18:00:58.0416 2796 ============================================================
    18:01:59.0347 2452 Deinitialize success
     
  15. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    18:02:38.0300 2468 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:02:38.0846 2468 ============================================================
    18:02:38.0846 2468 Current date / time: 2012/10/20 18:02:38.0846
    18:02:38.0846 2468 SystemInfo:
    18:02:38.0846 2468
    18:02:38.0846 2468 OS Version: 6.1.7601 ServicePack: 1.0
    18:02:38.0846 2468 Product type: Workstation
    18:02:38.0846 2468 ComputerName: PRADEEPS-PC
    18:02:38.0846 2468 UserName: Pradeep
    18:02:38.0846 2468 Windows directory: C:\Windows
    18:02:38.0846 2468 System windows directory: C:\Windows
    18:02:38.0846 2468 Running under WOW64
    18:02:38.0846 2468 Processor architecture: Intel x64
    18:02:38.0846 2468 Number of processors: 2
    18:02:38.0846 2468 Page size: 0x1000
    18:02:38.0846 2468 Boot type: Normal boot
    18:02:38.0846 2468 ============================================================
    18:02:40.0156 2468 BG loaded
    18:02:40.0468 2468 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:02:40.0468 2468 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:02:40.0499 2468 Drive \Device\Harddisk7\DR7 - Size: 0x3EC80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:02:40.0499 2468 ============================================================
    18:02:40.0499 2468 \Device\Harddisk0\DR0:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C4CE374
    18:02:40.0499 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C4CE3B3, BlocksNum 0xCF61CE
    18:02:40.0499 2468 \Device\Harddisk1\DR1:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    18:02:40.0499 2468 \Device\Harddisk7\DR7:
    18:02:40.0499 2468 MBR partitions:
    18:02:40.0499 2468 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F63E0
    18:02:40.0499 2468 ============================================================
    18:02:40.0515 2468 C: <-> \Device\Harddisk0\DR0\Partition1
    18:02:40.0515 2468 D: <-> \Device\Harddisk1\DR1\Partition1
    18:02:40.0562 2468 E: <-> \Device\Harddisk0\DR0\Partition2
    18:02:40.0562 2468 ============================================================
    18:02:40.0562 2468 Initialize success
    18:02:40.0562 2468 ============================================================
     
  16. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Very good :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  17. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Pradeep [Admin rights]
    Mode : Remove -- Date : 10/20/2012 22:22:05
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] {BD022B09-C8D6-4009-B650-6BF8E4B6DC33} : C:\Windows\system32\pcalua.exe -a "C:\Users\Pradeep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZZEEK9A\yahoo_toolbar_install_helper[1].exe" -d C:\Users\Pradeep\Desktop -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
    --- User ---
    [MBR] 3b718d5442bbd772df1404e597df77eb
    [BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231836 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 474801075 | Size: 6636 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD2500JS-60NCB1 +++++
    --- User ---
    [MBR] 6ac237a7eeefc2fdb4fb5aa6a592afda
    [BSP] 286306c573c129d14883e8b0a731d479 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  18. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Pradeep [Admin rights]
    Mode : Scan -- Date : 10/20/2012 22:21:19
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [TASK][SUSP PATH] {BD022B09-C8D6-4009-B650-6BF8E4B6DC33} : C:\Windows\system32\pcalua.exe -a "C:\Users\Pradeep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZZEEK9A\yahoo_toolbar_install_helper[1].exe" -d C:\Users\Pradeep\Desktop -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
    --- User ---
    [MBR] 3b718d5442bbd772df1404e597df77eb
    [BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231836 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 474801075 | Size: 6636 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD2500JS-60NCB1 +++++
    --- User ---
    [MBR] 6ac237a7eeefc2fdb4fb5aa6a592afda
    [BSP] 286306c573c129d14883e8b0a731d479 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
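As an added example (not code from this thread, TechSpot, Kaspersky or Tigzy): a small Python triage parser for the TDSSKiller and RogueKiller report formats pasted in posts 13 to 18 above. It pulls the MBR verdict, the detections and the UAC policy hijacks (EnableLUA, ConsentPromptBehaviorAdmin) out of the hundreds of "- ok" lines and ranks them; the sample input is constructed to mirror those reports, and the severity ranking and the expected UAC values are this example's own assumptions.

```python
"""Triage parser for TDSSKiller and RogueKiller report text (added example;
not code from the thread, TechSpot, Kaspersky or Tigzy).  It keeps only the
lines that matter and returns ranked findings, so the hundreds of "- ok"
lines need not be read by eye."""
import re
from dataclasses import dataclass

# TDSSKiller prefixes every line with "HH:MM:SS.mmmm <pid> "; strip it first.
TDSS_PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
TDSS_MBR = re.compile(r"^Suspicious mbr \((?P<kind>[^)]+)\): (?P<obj>\S+)$")
TDSS_DETECT = re.compile(r"^(?P<obj>\S+) - detected (?P<name>\S+)")
# RogueKiller: "[HJ] <key> : <value> (<data>) -> FOUND" or "-> REPLACED (<new>)"
RK_HIJACK = re.compile(r"^\[(?P<cls>HJ(?: DESK)?)\] (?P<key>\S+) : (?P<value>\S+)"
                       r" \((?P<data>\d+)\) -> (?P<action>\w+)")
RK_TASK = re.compile(r"^\[TASK\]\[SUSP PATH\] (?P<task>\{[^}]+\}) : (?P<cmd>.+)"
                     r" -> (?P<action>\w+)$")
# UAC policy values RogueKiller reset in the thread, with the data it wrote back;
# ranking data 0 as "high" is this example's assumption, not the tool's.
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 2}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass(frozen=True)
class Finding:
    tool: str
    severity: str
    summary: str
    remediated: bool  # the tool already cured / replaced / deleted it

def parse_tdsskiller(text):
    """Findings from a TDSSKiller log; "- ok" lines are ignored."""
    findings = []
    for raw in text.splitlines():
        m = TDSS_PREFIX.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if mbr := TDSS_MBR.match(body):
            findings.append(Finding("TDSSKiller", "critical",
                                    f"MBR {mbr['kind'].lower()} on {mbr['obj']}", False))
        elif det := TDSS_DETECT.match(body):
            findings.append(Finding("TDSSKiller", "critical",
                                    f"{det['name']} on {det['obj']}", False))
        elif body.endswith("- will be cured on reboot"):
            # TDSSKiller cures on reboot; mark every finding on that object remediated.
            obj = body.split(" (")[0]
            findings = [Finding(f.tool, f.severity, f.summary, True)
                        if f.summary.endswith(obj) else f for f in findings]
    return findings

def parse_roguekiller(text):
    """Findings from a RogueKiller RKreport (registry hijacks and suspicious tasks)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RK_HIJACK.match(line):
            expected = UAC_EXPECTED.get(m["value"])
            if m["key"].endswith(r"\System") and expected is not None:
                sev = "high"
                what = f"UAC policy {m['value']} set to {m['data']} (expected {expected})"
            elif m["cls"] == "HJ DESK":
                sev, what = "low", f"desktop icon {m['value']} hidden (data {m['data']})"
            else:
                sev, what = "medium", f"{m['key']} {m['value']}={m['data']}"
            findings.append(Finding("RogueKiller", sev, what, m["action"] == "REPLACED"))
        elif m := RK_TASK.match(line):
            findings.append(Finding("RogueKiller", "medium",
                                    f"scheduled task {m['task']} runs {m['cmd']}",
                                    m["action"] == "DELETED"))
    return findings

def triage(tdss_text, rk_text):
    """Merge both reports: ranked findings, counts per severity, what is still open."""
    findings = sorted(parse_tdsskiller(tdss_text) + parse_roguekiller(rk_text),
                      key=lambda f: SEVERITY_ORDER[f.severity])
    return {
        "findings": findings,
        "counts": {s: sum(f.severity == s for f in findings) for s in SEVERITY_ORDER},
        "outstanding": [f for f in findings if not f.remediated],
        "mbr_compromised": any(f.summary.startswith("MBR ") for f in findings),
    }

# Constructed sample input mirroring the report shapes pasted in the thread.
SAMPLE_TDSS = r"""
17:57:12.0195 2136 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:57:12.0225 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:57:12.0225 2136 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:57:12.0235 2136 \Device\Harddisk1\DR1 - ok
17:58:33.0482 2992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
"""
SAMPLE_RK = r"""
[TASK][SUSP PATH] {00000000-0000-0000-0000-000000000000} : C:\Windows\system32\pcalua.exe -a "C:\Users\user\AppData\Local\Temp\installer.exe" -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_TDSS, SAMPLE_RK)["findings"]:
        print(f"[{f.severity:8}] {f.tool}: {f.summary}" + ("" if f.remediated else "  (open)"))
```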
     
  20. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.21.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Pradeep :: PRADEEPS-PC [administrator]
    10/20/2012 10:25:46 PM
    mbam-log-2012-10-20 (22-25-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199615
    Time elapsed: 3 minute(s),
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
     
  21. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-20 22:38:16
    -----------------------------
    22:38:16.824 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:38:16.824 Number of processors: 2 586 0xF06
    22:38:16.824 ComputerName: PRADEEPS-PC UserName: Pradeep
    22:38:18.040 Initialize success
    22:39:43.397 AVAST engine defs: 12102001
    22:39:54.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
    22:39:54.255 Disk 0 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 8
    22:39:54.255 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
    22:39:54.255 Disk 1 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 8
    22:39:54.271 Disk 0 MBR read successfully
    22:39:54.286 Disk 0 MBR scan
    22:39:54.286 Disk 0 Windows 7 default MBR code
    22:39:54.286 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 231836 MB offset 63
    22:39:54.317 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6636 MB offset 474801075
    22:39:54.380 Disk 0 scanning C:\Windows\system32\drivers
    22:40:09.279 Service scanning
    22:40:43.561 Modules scanning
    22:40:43.561 Disk 0 trace - called modules:
    22:40:43.577 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
    22:40:43.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003374120]
    22:40:43.592 3 CLASSPNP.SYS[fffff88001ab643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8002e4f050]
    22:40:46.119 AVAST engine scan C:\Windows
    22:40:48.818 AVAST engine scan C:\Windows\system32
    22:44:23.314 AVAST engine scan C:\Windows\system32\drivers
    22:44:44.639 AVAST engine scan C:\Users\Pradeep
    22:45:07.337 Disk 0 MBR has been saved successfully to "C:\Users\Pradeep\Desktop\MBR.dat"
    22:45:07.353 The log file has been saved successfully to "C:\Users\Pradeep\Desktop\aswMBR.txt"
     
  22. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  23. Pete26

    Pete26 TS Rookie Topic Starter Posts: 30

    Ran the Combofix after installing it to the desktop of the infected machine. Combofix restarted the machine.
    But started facing another issue after the restart. I could not access "C:\ComboFix.txt" for the log.
    Getting an error message "Illegal operation attempted on a registry key that has been marked for deletion" when clicking on Windows Explorer or IE.
    Attached below is the log that Combofix created and displayed in notepad before restarting the machine.

    ComboFix 12-10-21.02 - Pradeep 10/21/2012 11:13:17.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1196 [GMT -5:00]
    Running from: c:\users\Pradeep\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Pradeep\videos\iLividSetupV1.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    D:\install.exe
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    -------\Service_nvsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-21 16:22 . 2012-10-21 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-20 22:58 . 2012-10-20 22:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-20 04:34 . 2012-10-20 04:34 -------- d-----w- C:\FRST
    2012-10-20 02:35 . 2012-10-20 02:35 -------- d-----w- c:\programdata\NVIDIA
    2012-10-20 02:22 . 2012-10-20 02:22 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-10-20 02:21 . 2012-10-20 02:25 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-10-19 02:47 . 2012-10-19 02:47 -------- d-----w- c:\users\Pradeep\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-19 02:47 . 2012-10-19 02:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-19 02:47 . 2012-10-19 02:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-19 02:42 . 2012-10-19 02:42 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-10-18 02:37 . 2012-10-18 02:37 -------- d-----w- c:\users\Pradeep\AppData\Roaming\Malwarebytes
    2012-10-18 02:36 . 2012-10-18 02:36 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-18 02:36 . 2012-10-18 03:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-18 02:36 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-17 23:14 . 2012-10-17 23:14 -------- d-----w- c:\users\Pradeep\AppData\Local\ElevatedDiagnostics
    2012-10-17 02:57 . 2012-10-17 03:14 -------- d-----w- c:\users\Pradeep\AppData\Local\NPE
    2012-10-11 03:05 . 2012-10-11 03:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-10-10 13:07 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 13:07 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 13:07 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 13:07 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-10 13:07 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 13:07 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 13:07 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 13:07 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 13:07 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 13:07 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 13:07 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 13:07 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-09 02:39 . 2012-10-09 02:39 -------- d-----w- c:\users\Pradeep\AppData\Local\CrashDumps
    2012-10-08 13:43 . 2012-10-09 01:06 -------- d-----w- C:\w
    2012-10-08 13:43 . 2012-10-08 13:43 -------- d-----w- C:\skins
    2012-10-08 13:43 . 2012-10-08 13:43 -------- d-----w- C:\Cache
    2012-10-07 01:01 . 2012-10-07 01:01 -------- d-----w- c:\users\Pradeep\AppData\Roaming\Media Player Classic
    2012-10-06 22:26 . 2012-10-07 01:47 -------- d-----w- c:\users\Pradeep\AppData\Roaming\IDM
    2012-10-06 22:26 . 2012-10-21 16:23 -------- d-----w- c:\users\Pradeep\AppData\Roaming\DMCache
    2012-10-06 22:26 . 2012-10-06 22:26 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2012-10-06 21:26 . 2012-10-06 21:26 -------- d-----w- c:\users\Pradeep\AppData\Local\Ilivid Player
    2012-10-06 21:25 . 2012-10-20 04:14 -------- dc-h--w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
    2012-10-06 21:24 . 2012-10-06 21:24 -------- d-----w- c:\users\Pradeep\AppData\Local\PackageAware
    2012-10-03 03:14 . 2012-10-03 03:14 -------- d-----w- c:\windows\Sun
    2012-10-02 04:19 . 2012-10-02 04:20 -------- d-----w- c:\program files (x86)\Java
    2012-10-02 04:19 . 2012-10-02 04:19 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-10-02 03:12 . 2012-10-04 03:58 -------- d-----w- c:\program files (x86)\Yahoo SiteBuilder
    2012-10-02 00:11 . 2012-10-16 01:51 -------- d-----w- c:\windows\system32\drivers\N360x64\0604000.009
    2012-09-27 15:08 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-09-25 18:59 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 18:12 . 2012-09-12 12:02 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 12:02 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 12:02 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 12:02 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:38 . 2012-10-10 13:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 12:02 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 12:02 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-23 39408]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-09-27 3532224]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
    "OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage.exe" [2011-05-10 1466144]
    "Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" [2010-10-27 333088]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-24 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2012-03-29 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121019.001\IDSvia64.sys [2012-10-10 513184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2012-03-29 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2012-03-29 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-12 138912]
    S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 00:33]
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 00:33]
    .
    2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262249602-3662098830-2808129073-1000Core.job
    - c:\users\Pradeep\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 00:33]
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262249602-3662098830-2808129073-1000UA.job
    - c:\users\Pradeep\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 00:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-OpAgent - OpAgent.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    SafeBoot-66171102.sys
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
    04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a9,5b,fd,8e,5f,ac,cd,01
    .
    [HKEY_USERS\S-1-5-21-2262249602-3662098830-2808129073-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):d4,c4,9a,40,2f,be,57,ac,2c,62,db,1b,d0,d5,68,6e,f8,a9,b1,30,7d,
    df,3a,74,41,88,2a,d0,1e,3e,df,ed,d4,0b,9f,f1,ce,df,b9,ce,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2262249602-3662098830-2808129073-1000_Classes\Wow6432Node\CLSID\{c37861b1-326f-4c2b-90b9-dfc3b59b50e2}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000126
    "Therad"=dword:00000010
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @="FlashProp Class"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\ZillaTube\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\ZillaTube\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\ZillaTube\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\ZillaTube\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-21 11:33:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-21 16:33
    .
    Pre-Run: 145,174,585,344 bytes free
    Post-Run: 145,035,476,992 bytes free
    .
    - - End Of File - - CBF6BB2D8AC33698E029A5D707B71224
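As an added illustration (not part of the thread, and not ComboFix's own code), a small Python parser for the "Files Created" section of a ComboFix log, run over a few lines copied from the log above. The review heuristics in `flag()` are my own assumptions: a directory whose literal name is an unexpanded `%ENV%` placeholder under a Windows system folder, or a hidden+system directory there, is not something Windows creates on its own and is worth a second look.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of "Files Created" lines copied from the
# ComboFix log posted above (same layout: created . modified size attrs path).
SAMPLE_LOG = """\
2012-10-21 16:22 . 2012-10-21 16:22 -------- d-----w- c:\\users\\Default\\AppData\\Local\\temp
2012-10-18 02:36 . 2012-09-30 00:54 25928 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-10-11 03:05 . 2012-10-11 03:05 -------- d-sh--w- c:\\windows\\SysWow64\\%APPDATA%
2012-10-06 21:25 . 2012-10-20 04:14 -------- dc-h--w- c:\\programdata\\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-10-10 13:07 . 2012-08-24 18:05 220160 ----a-w- c:\\windows\\system32\\wintrust.dll
"""

# One "Files Created" line: two timestamps separated by " . ", a size (digits,
# or dashes for a directory), an 8-character attribute string, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str            # attribute string as printed, e.g. "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_files_created(text: str) -> list:
    """Parse every well-formed 'Files Created' line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag(entry: Entry) -> list:
    """Return human-readable reasons this entry deserves manual review (heuristics are assumptions)."""
    reasons = []
    low = entry.path.lower()
    # A folder literally named like an environment variable ("%appdata%") is
    # not produced by normal expansion; Windows would have expanded it.
    if re.search(r"\\%[a-z_]+%(\\|$)", low):
        reasons.append("literal %ENV% name in path")
    if entry.is_dir and entry.hidden and entry.system:
        reasons.append("hidden+system directory")
    if entry.is_dir and entry.hidden and "\\syswow64\\" in low:
        reasons.append("hidden directory under SysWow64")
    return reasons


def triage(text: str) -> dict:
    """Map each flagged path to its list of reasons; unflagged entries are omitted."""
    result = {}
    for entry in parse_files_created(text):
        reasons = flag(entry)
        if reasons:
            result[entry.path] = reasons
    return result


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```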
     
  24. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    How about reading my instructions carefully?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Combofix log looks good.

    Any current issues?

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

