TechSpot

Website redirects and hidden files in folders

Solved
By Brockr11
Oct 4, 2012
  1. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.04.11

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    brock :: BROCK-PC [administrator]

    10/4/2012 6:29:26 PM
    mbam-log-2012-10-04 (18-45-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236820
    Time elapsed: 15 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> No action taken.
    HKCU\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSWUpdate (Trojan.Agent) -> Data: "C:\Users\brock\AppData\Roaming\lsass.exe" -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-04 19:15:24
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332082 rev.3.AH
    Running: s2j02fly.exe; Driver: C:\Users\brock\AppData\Local\Temp\uwloqpog.sys
    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateProcessEx [0x96923966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.7.2
    Run by brock at 19:20:30 on 2012-10-04
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.937 [GMT -4:00]
    .
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\System32\LEXPPS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Windows\system32\lxczcoms.exe
    C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Real\realplayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\brock\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.3.0.14\ips\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "c:\users\brock\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: AOL &Dictionary Search - file:///c:\program files\common files\aol\AOLSearch/AOLDictionary.htm
    IE: AOL &Thesaurus Search - file:///c:\program files\common files\aol\AOLSearch/AOLThesauras.htm
    IE: AOL &Video Search - file:///c:\program files\common files\aol\AOLSearch/AOLVideo.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{BC1206EB-AE85-4833-901F-16AFF14E1757} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\brock\appdata\roaming\mozilla\firefox\profiles\etr2fqqs.default\
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\brock\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0603000.00e\symds.sys [2012-9-30 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0603000.00e\symefa.sys [2012-9-30 924320]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys [2012-9-30 132768]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20121003.001\IDSvix86.sys [2012-10-3 386720]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys [2012-9-30 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0603000.00e\symtdiv.sys [2012-9-30 345208]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-3 21504]
    R2 N360;Norton 360;c:\program files\norton 360\engine\6.3.0.14\ccsvchst.exe [2012-9-30 138272]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    RUnknown aswFsBlk;aswFsBlk; [x]
    RUnknown aswMonFlt;aswMonFlt; [x]
    RUnknown aswSnx;aswSnx; [x]
    RUnknown aswSP;aswSP; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250568]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-10-04 22:28:32 -------- d-----w- c:\users\brock\appdata\roaming\Malwarebytes
    2012-10-04 22:28:29 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{98c8f7f7-a1f1-4d62-ad3c-ad26171fffb8}\mpengine.dll
    2012-10-04 22:27:36 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-04 22:27:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-04 22:27:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-04 16:23:23 -------- d-----w- c:\programdata\AVAST Software
    2012-10-04 16:23:23 -------- d-----w- c:\program files\AVAST Software
    2012-10-03 06:30:22 -------- d-----w- c:\program files\ESET
    2012-10-03 06:28:14 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-02 00:39:16 924320 ----a-w- c:\windows\system32\drivers\n360\0604000.009\symefa.sys
    2012-10-02 00:39:16 574112 ----a-w- c:\windows\system32\drivers\n360\0604000.009\srtsp.sys
    2012-10-02 00:39:16 345208 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symtdiv.sys
    2012-10-02 00:39:16 340088 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symds.sys
    2012-10-02 00:39:16 32928 ----a-w- c:\windows\system32\drivers\n360\0604000.009\srtspx.sys
    2012-10-02 00:39:16 318584 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symnets.sys
    2012-10-02 00:39:16 149624 ----a-r- c:\windows\system32\drivers\n360\0604000.009\ironx86.sys
    2012-10-02 00:39:16 132768 ----a-w- c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys
    2012-10-02 00:38:59 8942 ----a-w- c:\windows\system32\drivers\n360\0604000.009\symvtcer.dat
    2012-10-02 00:38:59 -------- d-----w- c:\windows\system32\drivers\n360\0604000.009
    2012-09-30 16:27:15 -------- d-----w- c:\windows\system32\N360_BACKUP
    2012-09-30 14:23:05 924320 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symefa.sys
    2012-09-30 14:23:05 574112 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtsp.sys
    2012-09-30 14:23:05 345208 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symtdiv.sys
    2012-09-30 14:23:05 340088 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symds.sys
    2012-09-30 14:23:05 32928 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtspx.sys
    2012-09-30 14:23:05 318584 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symnets.sys
    2012-09-30 14:23:05 149624 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys
    2012-09-30 14:23:05 132768 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys
    2012-09-30 14:22:13 -------- d-----w- c:\windows\system32\drivers\n360\0603000.00E
    2012-09-30 14:15:31 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-09-30 14:15:31 -------- d-----w- c:\program files\Symantec
    2012-09-30 14:09:32 -------- d-----w- c:\windows\system32\drivers\N360
    2012-09-30 14:09:25 -------- d-----w- c:\program files\Norton 360
    2012-09-30 14:05:27 -------- d-----w- c:\programdata\NortonInstaller
    2012-09-30 14:05:27 -------- d-----w- c:\program files\NortonInstaller
    2012-09-27 15:26:32 -------- d-----w- c:\users\brock\appdata\local\Windows Live
    2012-09-27 15:26:32 -------- d-----w- c:\program files\common files\Windows Live
    2012-09-19 22:29:09 -------- d-----w- c:\program files\Jnes
    2012-09-14 05:05:25 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-14 05:04:31 -------- d-----w- c:\program files\iPod
    2012-09-14 05:04:28 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-14 05:04:28 -------- d-----w- c:\program files\iTunes
    2012-09-08 16:26:35 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-05 00:10:32 -------- d-----w- C:\IDEALDVDCOPY_TEMP
    2012-09-05 00:04:53 -------- d-----w- c:\program files\DVDFab
    2012-09-05 00:00:17 -------- d-----w- c:\programdata\dvdfab
    .
    ==================== Find3M ====================
    .
    2012-09-08 16:26:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-08 16:26:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-29 21:39:59 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-29 21:39:59 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-24 15:53:28 834048 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 14:07:05 389632 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:41:58 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-23 15:22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-08-23 15:22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-09 17:42:56 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 17:42:56 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    .
    ============= FINISH: 19:21:43.03 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/31/2007 8:37:51 PM
    System Uptime: 10/4/2012 6:57:45 PM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | LEONITE
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1867/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 292 GiB total, 207.301 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 0.883 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_2A50103C&REV_01\4&33087CF&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_2A50103C&REV_01\4&33087CF&0&40F0
    Service: E100B
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    Bonjour
    Compatibility Pack for the 2007 Office system
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
    DVDFab 8.0.8.5 (19/03/2011)
    DVDFab 8.2.0.8 (29/08/2012) Qt
    DVDFab Decrypter 3.0.8.0
    DVDFab Gold 4.0.6.2
    DVDFab HD Decrypter 4.0.6.2
    EA SPORTS online 2007
    Enhanced Multimedia Keyboard Solution
    ESET Online Scanner v3
    Google Chrome
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Picasso Media Center Add-In
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel® Viiv™ Software
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Java(TM) SE Runtime Environment 6 Update 1
    JavaFX 2.1.1
    Lexmark 1200 Series
    LightScribe 1.4.124.1
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Excel Viewer
    Microsoft Office Excel Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox 15.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    My HP Games
    Nikon Message Center
    Nikon Transfer
    Norton 360
    Norton Internet Security
    OcxSetup
    OGA Notifier 2.0.0048.0
    Python 2.4.3
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    RTC Client API v1.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Soft Data Fax Modem with SmartCP
    SUPERAntiSpyware Free Edition
    Tiger Woods PGA TOUR 07
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    USB Driver
    Viewpoint Media Player
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.1.3 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2012 9:59:36 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.137.142.0 Loading engine version: 1.1.8704.0
    9/30/2012 9:52:36 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    9/30/2012 1:31:01 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    9/27/2012 5:13:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.613.0).
    9/27/2012 5:12:39 PM, Error: Microsoft Antimalware [2003] -
    9/27/2012 11:46:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.603.0).
    10/4/2012 6:59:46 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/4/2012 6:44:06 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
    10/4/2012 5:55:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
    10/4/2012 5:35:45 PM, Error: EventLog [6008] - The previous system shutdown at 5:33:14 PM on 10/4/2012 was unexpected.
    10/4/2012 3:06:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    10/4/2012 3:05:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    10/4/2012 12:52:34 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    10/4/2012 12:52:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/4/2012 12:49:16 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    10/4/2012 12:42:48 PM, Error: EventLog [6008] - The previous system shutdown at 12:34:26 PM on 10/4/2012 was unexpected.
    10/4/2012 11:46:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 00112FFCBD4C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/4/2012 1:24:40 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800d Error description: Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again. Signatures loading: Backup Loading signature version: 1.137.635.0 Loading engine version: 1.1.8800.0
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Your MBAM log says "No action taken".
    Re-run it, fix all issues and post new log.

    Next...

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.
     
  4. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    Thanks Broni. Should I run a full scan?
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Quick scan will be fine.
     
  6. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.04.11

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    brock :: BROCK-PC [administrator]

    10/4/2012 8:34:05 PM
    mbam-log-2012-10-04 (20-34-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236626
    Time elapsed: 6 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 10/04/2012 08:48:50 PM
    Windows Version: Windows Vista

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 253536 files processed.

    Processing the D:\ drive
    Finished processing the D:\ drive. 6098 files processed.

    Processing the F:\ drive
    Finished processing the F:\ drive. 0 files processed.

    Processing the G:\ drive
    Finished processing the G:\ drive. 0 files processed.

    Processing the H:\ drive
    Finished processing the H:\ drive. 0 files processed.

    Processing the I:\ drive
    Finished processing the I:\ drive. 0 files processed.

    The C:\Users\brock\AppData\Local\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    No registry changes detected.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 10/04/2012 09:00:20 PM
    Execution time: 0 hours(s), 11 minute(s), and 30 seconds(s)

    The pictures and music files seem to be back to normal.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Cool :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
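The TDSSKiller report these steps ask for lists each scanned service on two lines: a hash-and-image-path line, then a verdict line ("ServiceName - ok"). As an added example, not part of this thread and not TDSSKiller's own code, the Python below parses a log in that format into a triage summary: services whose verdict is anything other than ok, services reported with a verdict but no hash or image path, and services whose image sits outside the usual Windows or Program Files roots (a service binary in a user profile is unusual and worth a second look). The sample log, its placeholder hashes and the ExampleSvc entry are constructed for this demonstration, and the TRUSTED_ROOTS list is this example's assumption rather than anything TDSSKiller defines.

```python
import re
from collections import namedtuple

# Two lines per service in a TDSSKiller "Scan services" section:
#   HH:MM:SS.mmmm PID [ MD5 ] ServiceName C:\path\to\image
#   HH:MM:SS.mmmm PID ServiceName - verdict
# Service names and paths may both contain spaces; the path is recognised
# by its drive-letter prefix, which a service name will not contain.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>\S.*)$"
)
# Section banner, e.g. "... 4644 ================ Scan services ======"
SECTION_RE = re.compile(r"^\S+\s+\d+\s+=+ Scan (?P<section>.+?) =+$")

# Assumption of this example: image paths under these roots are treated as
# "expected" locations; anything else is queued for manual review.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",
)

Service = namedtuple("Service", "name md5 path verdict")


def parse_services(log_text):
    """Return the services of the 'Scan services' section, in log order."""
    services = {}
    order = []
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            in_services = m.group("section").strip() == "services"
            continue
        if not in_services:
            continue  # skips e.g. "System memory - ok" from another section
        m = ENTRY_RE.match(line)
        if m:
            name = m.group("name")
            services[name] = Service(name, m.group("md5").upper(), m.group("path"), None)
            order.append(name)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.group("name"), m.group("verdict")
            prev = services.get(name)
            if prev is None:
                # Verdict with no preceding hash/path line: no image was listed.
                services[name] = Service(name, None, None, verdict)
                order.append(name)
            else:
                services[name] = prev._replace(verdict=verdict)
    return [services[n] for n in order]


def triage(services):
    """Summarise what a reviewer should look at first."""
    report = {"total": len(services), "not_ok": [], "no_image": [], "review_path": []}
    for s in services:
        if s.verdict != "ok":
            report["not_ok"].append(s.name)
        if s.md5 is None:
            report["no_image"].append(s.name)
        elif not s.path.lower().startswith(TRUSTED_ROOTS):
            report["review_path"].append(s.name)
    return report


# Constructed sample in TDSSKiller's layout: hashes are placeholders and
# "ExampleSvc" with its "suspicious" verdict is invented for the demo.
SAMPLE_LOG = r"""
21:58:00.0363 4644 Scan started
21:58:00.0866 4644 ================ Scan system memory ========================
21:58:00.0866 4644 System memory - ok
21:58:00.0867 4644 ================ Scan services =============================
21:58:01.0277 4644 [ 0123456789ABCDEF0123456789ABCDEF ] ACPI C:\Windows\system32\drivers\acpi.sys
21:58:01.0282 4644 ACPI - ok
21:58:02.0443 4644 [ 1123456789ABCDEF0123456789ABCDEF ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:58:02.0466 4644 Apple Mobile Device - ok
21:58:03.0267 4644 blbdrive - ok
21:58:10.0086 4644 [ 2123456789ABCDEF0123456789ABCDEF ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:58:10.0102 4644 LightScribeService - ok
21:58:12.0000 4644 [ 3123456789ABCDEF0123456789ABCDEF ] ExampleSvc C:\Users\example\AppData\Roaming\examplesvc.exe
21:58:12.0010 4644 ExampleSvc - suspicious
"""

if __name__ == "__main__":
    for key, value in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the constructed sample the summary reports five services, ExampleSvc both as not ok and as living outside the trusted roots, and blbdrive as reported without an image path. Lower-case drive letters (as in the LightScribe entry) are normalised before the root check, so a path is never flagged just because of letter case.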
  9. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    21:57:50.0676 1492 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    21:57:52.0679 1492 ============================================================
    21:57:52.0679 1492 Current date / time: 2012/10/04 21:57:52.0679
    21:57:52.0679 1492 SystemInfo:
    21:57:52.0679 1492
    21:57:52.0679 1492 OS Version: 6.0.6002 ServicePack: 2.0
    21:57:52.0679 1492 Product type: Workstation
    21:57:52.0680 1492 ComputerName: BROCK-PC
    21:57:52.0680 1492 UserName: brock
    21:57:52.0680 1492 Windows directory: C:\Windows
    21:57:52.0680 1492 System windows directory: C:\Windows
    21:57:52.0680 1492 Processor architecture: Intel x86
    21:57:52.0680 1492 Number of processors: 2
    21:57:52.0680 1492 Page size: 0x1000
    21:57:52.0680 1492 Boot type: Normal boot
    21:57:52.0680 1492 ============================================================
    21:57:54.0418 1492 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:57:54.0531 1492 ============================================================
    21:57:54.0531 1492 \Device\Harddisk0\DR0:
    21:57:54.0532 1492 MBR partitions:
    21:57:54.0533 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x247A130F
    21:57:54.0533 1492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x247A134E, BlocksNum 0xC8C373
    21:57:54.0533 1492 ============================================================
    21:57:54.0673 1492 C: <-> \Device\Harddisk0\DR0\Partition1
    21:57:54.0821 1492 D: <-> \Device\Harddisk0\DR0\Partition2
    21:57:55.0092 1492 ============================================================
    21:57:55.0092 1492 Initialize success
    21:57:55.0092 1492 ============================================================
    21:58:00.0363 4644 ============================================================
    21:58:00.0363 4644 Scan started
    21:58:00.0363 4644 Mode: Manual;
    21:58:00.0363 4644 ============================================================
    21:58:00.0866 4644 ================ Scan system memory ========================
    21:58:00.0866 4644 System memory - ok
    21:58:00.0867 4644 ================ Scan services =============================
    21:58:01.0277 4644 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    21:58:01.0282 4644 ACPI - ok
    21:58:01.0391 4644 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    21:58:01.0433 4644 AdobeFlashPlayerUpdateSvc - ok
    21:58:01.0484 4644 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:58:01.0512 4644 adp94xx - ok
    21:58:01.0552 4644 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:58:01.0558 4644 adpahci - ok
    21:58:01.0646 4644 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    21:58:01.0670 4644 adpu160m - ok
    21:58:01.0712 4644 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:58:01.0716 4644 adpu320 - ok
    21:58:01.0751 4644 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:58:01.0752 4644 AeLookupSvc - ok
    21:58:01.0842 4644 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    21:58:01.0848 4644 AFD - ok
    21:58:01.0889 4644 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:58:01.0891 4644 agp440 - ok
    21:58:01.0922 4644 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    21:58:01.0925 4644 aic78xx - ok
    21:58:02.0084 4644 [ C86D177967D27C80E466D4ED95C26DB9 ] AlertService C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    21:58:02.0112 4644 AlertService - ok
    21:58:02.0150 4644 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    21:58:02.0168 4644 ALG - ok
    21:58:02.0205 4644 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:58:02.0229 4644 aliide - ok
    21:58:02.0265 4644 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    21:58:02.0267 4644 amdagp - ok
    21:58:02.0286 4644 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
    21:58:02.0288 4644 amdide - ok
    21:58:02.0298 4644 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    21:58:02.0301 4644 AmdK7 - ok
    21:58:02.0309 4644 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:58:02.0311 4644 AmdK8 - ok
    21:58:02.0355 4644 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    21:58:02.0356 4644 Appinfo - ok
    21:58:02.0443 4644 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:58:02.0466 4644 Apple Mobile Device - ok
    21:58:02.0492 4644 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    21:58:02.0495 4644 arc - ok
    21:58:02.0524 4644 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:58:02.0527 4644 arcsas - ok
    21:58:02.0566 4644 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:58:02.0568 4644 AsyncMac - ok
    21:58:02.0605 4644 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    21:58:02.0607 4644 atapi - ok
    21:58:02.0670 4644 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:58:02.0689 4644 AudioEndpointBuilder - ok
    21:58:02.0698 4644 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    21:58:02.0701 4644 Audiosrv - ok
    21:58:02.0798 4644 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    21:58:02.0800 4644 Beep - ok
    21:58:02.0845 4644 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
    21:58:02.0851 4644 BFE - ok
    21:58:03.0111 4644 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
    21:58:03.0162 4644 BHDrvx86 - ok
    21:58:03.0234 4644 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
    21:58:03.0260 4644 BITS - ok
    21:58:03.0267 4644 blbdrive - ok
    21:58:03.0346 4644 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    21:58:03.0353 4644 Bonjour Service - ok
    21:58:03.0389 4644 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:58:03.0392 4644 bowser - ok
    21:58:03.0431 4644 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    21:58:03.0449 4644 BrFiltLo - ok
    21:58:03.0487 4644 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    21:58:03.0489 4644 BrFiltUp - ok
    21:58:03.0527 4644 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    21:58:03.0529 4644 Browser - ok
    21:58:03.0561 4644 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    21:58:03.0564 4644 Brserid - ok
    21:58:03.0595 4644 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    21:58:03.0598 4644 BrSerWdm - ok
    21:58:03.0620 4644 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    21:58:03.0622 4644 BrUsbMdm - ok
    21:58:03.0647 4644 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    21:58:03.0649 4644 BrUsbSer - ok
    21:58:03.0673 4644 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    21:58:03.0675 4644 BTHMODEM - ok
    21:58:03.0765 4644 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
    21:58:03.0769 4644 ccSet_N360 - ok
    21:58:03.0804 4644 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:58:03.0807 4644 cdfs - ok
    21:58:03.0912 4644 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:58:03.0934 4644 cdrom - ok
    21:58:03.0994 4644 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    21:58:03.0996 4644 CertPropSvc - ok
    21:58:04.0018 4644 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
    21:58:04.0020 4644 circlass - ok
    21:58:04.0063 4644 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    21:58:04.0068 4644 CLFS - ok
    21:58:04.0328 4644 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:58:04.0331 4644 clr_optimization_v2.0.50727_32 - ok
    21:58:04.0449 4644 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:58:04.0474 4644 clr_optimization_v4.0.30319_32 - ok
    21:58:04.0511 4644 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:58:04.0513 4644 cmdide - ok
    21:58:04.0530 4644 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    21:58:04.0532 4644 Compbatt - ok
    21:58:04.0541 4644 COMSysApp - ok
    21:58:04.0565 4644 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    21:58:04.0567 4644 crcdisk - ok
    21:58:04.0636 4644 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    21:58:04.0654 4644 Crusoe - ok
    21:58:04.0716 4644 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:58:04.0719 4644 CryptSvc - ok
    21:58:04.0813 4644 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:58:04.0860 4644 DcomLaunch - ok
    21:58:04.0907 4644 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:58:04.0907 4644 DfsC - ok
    21:58:05.0047 4644 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    21:58:05.0110 4644 DFSR - ok
    21:58:05.0234 4644 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    21:58:05.0234 4644 Dhcp - ok
    21:58:05.0281 4644 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    21:58:05.0281 4644 disk - ok
    21:58:05.0328 4644 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:58:05.0328 4644 Dnscache - ok
    21:58:05.0359 4644 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:58:05.0359 4644 dot3svc - ok
    21:58:05.0406 4644 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    21:58:05.0406 4644 DPS - ok
    21:58:05.0531 4644 [ A0B584C33F55545D56F9E71FB4E203AC ] DQLWinService C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    21:58:05.0546 4644 DQLWinService - ok
    21:58:05.0562 4644 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:58:05.0578 4644 drmkaud - ok
    21:58:05.0858 4644 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:58:05.0874 4644 DXGKrnl - ok
    21:58:05.0921 4644 [ D00EEAE1CACD77A1A8396BBC19140BBA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
    21:58:05.0921 4644 E100B - ok
    21:58:05.0968 4644 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:58:05.0968 4644 E1G60 - ok
    21:58:06.0014 4644 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    21:58:06.0014 4644 EapHost - ok
    21:58:06.0061 4644 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    21:58:06.0077 4644 Ecache - ok
    21:58:06.0139 4644 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    21:58:06.0139 4644 eeCtrl - ok
    21:58:06.0311 4644 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:58:06.0358 4644 ehRecvr - ok
    21:58:06.0389 4644 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    21:58:06.0404 4644 ehSched - ok
    21:58:06.0436 4644 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    21:58:06.0436 4644 ehstart - ok
    21:58:06.0467 4644 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
    21:58:06.0482 4644 elxstor - ok
    21:58:06.0592 4644 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    21:58:06.0607 4644 EMDMgmt - ok
    21:58:06.0654 4644 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    21:58:06.0670 4644 EventSystem - ok
    21:58:06.0701 4644 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    21:58:06.0716 4644 exfat - ok
    21:58:06.0763 4644 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:58:06.0763 4644 fastfat - ok
    21:58:06.0810 4644 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    21:58:06.0810 4644 fdc - ok
    21:58:06.0841 4644 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:58:06.0841 4644 fdPHost - ok
    21:58:06.0872 4644 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:58:06.0872 4644 FDResPub - ok
    21:58:06.0919 4644 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:58:06.0919 4644 FileInfo - ok
    21:58:06.0966 4644 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:58:06.0966 4644 Filetrace - ok
    21:58:06.0997 4644 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    21:58:06.0997 4644 flpydisk - ok
    21:58:07.0044 4644 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:58:07.0044 4644 FltMgr - ok
    21:58:07.0122 4644 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    21:58:07.0184 4644 FontCache - ok
    21:58:07.0247 4644 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    21:58:07.0247 4644 FontCache3.0.0.0 - ok
    21:58:07.0278 4644 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:58:07.0278 4644 Fs_Rec - ok
    21:58:07.0294 4644 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    21:58:07.0294 4644 gagp30kx - ok
    21:58:07.0356 4644 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
    21:58:07.0356 4644 GEARAspiWDM - ok
    21:58:07.0403 4644 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    21:58:07.0434 4644 gpsvc - ok
    21:58:07.0465 4644 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:58:07.0496 4644 HdAudAddService - ok
    21:58:07.0543 4644 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:58:07.0559 4644 HDAudBus - ok
    21:58:07.0590 4644 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    21:58:07.0590 4644 HidBth - ok
    21:58:07.0606 4644 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    21:58:07.0606 4644 HidIr - ok
    21:58:07.0637 4644 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    21:58:07.0637 4644 hidserv - ok
    21:58:07.0652 4644 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:58:07.0652 4644 HidUsb - ok
    21:58:07.0684 4644 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:58:07.0684 4644 hkmsvc - ok
    21:58:07.0699 4644 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    21:58:07.0699 4644 HpCISSs - ok
    21:58:07.0777 4644 [ 88749FBF8BEB18C90E7D6626C8C1910B ] HSF_DP C:\Windows\system32\DRIVERS\HSX_DP.sys
    21:58:07.0793 4644 HSF_DP - ok
    21:58:07.0808 4644 [ FE440536BD98AF772130DC3A6FE1915F ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
    21:58:07.0840 4644 HSXHWBS2 - ok
    21:58:07.0886 4644 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:58:07.0902 4644 HTTP - ok
    21:58:07.0902 4644 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    21:58:07.0918 4644 i2omp - ok
    21:58:07.0964 4644 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    21:58:07.0964 4644 i8042prt - ok
    21:58:08.0027 4644 [ 25C3D5F66A74A7BDDECA56085F040D2E ] iaStor C:\Windows\system32\drivers\iastor.sys
    21:58:08.0027 4644 iaStor - ok
    21:58:08.0042 4644 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    21:58:08.0058 4644 iaStorV - ok
    21:58:08.0152 4644 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    21:58:08.0152 4644 IDriverT - ok
    21:58:08.0245 4644 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:58:08.0276 4644 idsvc - ok
    21:58:08.0370 4644 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121004.001\IDSvix86.sys
    21:58:08.0386 4644 IDSVix86 - ok
    21:58:08.0479 4644 [ 62F534791AE488A475A3E508D92AF4CC ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
    21:58:08.0557 4644 igfx - ok
    21:58:08.0620 4644 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    21:58:08.0635 4644 iirsp - ok
    21:58:08.0682 4644 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    21:58:08.0698 4644 IKEEXT - ok
    21:58:08.0869 4644 [ EDC37B918E583A5A813C53D4F5588255 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    21:58:08.0916 4644 IntcAzAudAddService - ok
    21:58:08.0963 4644 [ CE5AF42679DD85947D2D287594F22CE0 ] IntelDHSvcConf C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    21:58:08.0963 4644 IntelDHSvcConf - ok
    21:58:08.0994 4644 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    21:58:08.0994 4644 intelide - ok
    21:58:09.0025 4644 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:58:09.0025 4644 intelppm - ok
    21:58:09.0072 4644 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:58:09.0072 4644 IPBusEnum - ok
    21:58:09.0103 4644 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:58:09.0103 4644 IpFilterDriver - ok
    21:58:09.0150 4644 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:58:09.0150 4644 iphlpsvc - ok
    21:58:09.0166 4644 IpInIp - ok
    21:58:09.0228 4644 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    21:58:09.0228 4644 IPMIDRV - ok
    21:58:09.0275 4644 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    21:58:09.0275 4644 IPNAT - ok
    21:58:09.0306 4644 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:58:09.0337 4644 iPod Service - ok
    21:58:09.0384 4644 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:58:09.0384 4644 IRENUM - ok
    21:58:09.0400 4644 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:58:09.0400 4644 isapnp - ok
    21:58:09.0446 4644 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    21:58:09.0446 4644 iScsiPrt - ok
    21:58:09.0524 4644 [ E29BA28F76C5A703E7F30F74CF36DF22 ] ISSM C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    21:58:09.0556 4644 ISSM - ok
    21:58:09.0602 4644 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    21:58:09.0602 4644 iteatapi - ok
    21:58:09.0618 4644 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    21:58:09.0618 4644 iteraid - ok
    21:58:09.0649 4644 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:58:09.0649 4644 kbdclass - ok
    21:58:09.0665 4644 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    21:58:09.0665 4644 kbdhid - ok
    21:58:09.0696 4644 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    21:58:09.0696 4644 KeyIso - ok
    21:58:09.0774 4644 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:58:09.0821 4644 KSecDD - ok
    21:58:09.0883 4644 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:58:09.0914 4644 KtmRm - ok
    21:58:09.0946 4644 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:58:09.0961 4644 LanmanServer - ok
    21:58:09.0977 4644 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:58:09.0977 4644 LanmanWorkstation - ok
    21:58:10.0039 4644 [ A1043645D16915DF12A6F2E049922A18 ] LexBceS C:\Windows\System32\LEXBCES.EXE
    21:58:10.0039 4644 LexBceS - ok
    21:58:10.0086 4644 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    21:58:10.0102 4644 LightScribeService - ok
    21:58:10.0164 4644 [ DEB2A99C1AD9B9190C78E895AE60A745 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    21:58:10.0211 4644 LiveUpdate Notice Service - ok
    21:58:10.0242 4644 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:58:10.0242 4644 lltdio - ok
    21:58:10.0273 4644 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:58:10.0273 4644 lltdsvc - ok
    21:58:10.0304 4644 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:58:10.0304 4644 lmhosts - ok
    21:58:10.0351 4644 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    21:58:10.0382 4644 LSI_FC - ok
    21:58:10.0414 4644 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    21:58:10.0429 4644 LSI_SAS - ok
    21:58:10.0445 4644 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    21:58:10.0445 4644 LSI_SCSI - ok
    21:58:10.0476 4644 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    21:58:10.0476 4644 luafv - ok
    21:58:10.0492 4644 lxcz_device - ok
    21:58:10.0523 4644 [ 7B073FD0133346D0E555353F164057D7 ] M1 Server C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    21:58:10.0554 4644 M1 Server - ok
    21:58:10.0648 4644 [ 7BBA15CA5A2AA4E50C7CBFB78D11DB25 ] MCLServiceATL C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    21:58:10.0694 4644 MCLServiceATL - ok
    21:58:10.0741 4644 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:58:10.0741 4644 Mcx2Svc - ok
    21:58:10.0772 4644 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
    21:58:10.0772 4644 mdmxsdk - ok
    21:58:10.0804 4644 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
    21:58:10.0804 4644 megasas - ok
    21:58:10.0819 4644 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    21:58:10.0819 4644 MMCSS - ok
    21:58:10.0882 4644 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    21:58:10.0897 4644 Modem - ok
    21:58:10.0944 4644 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:58:10.0944 4644 monitor - ok
    21:58:10.0975 4644 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:58:10.0975 4644 mouclass - ok
    21:58:11.0006 4644 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:58:11.0006 4644 mouhid - ok
    21:58:11.0100 4644 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    21:58:11.0100 4644 MountMgr - ok
    21:58:11.0178 4644 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:58:11.0194 4644 mpio - ok
    21:58:11.0225 4644 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:58:11.0240 4644 mpsdrv - ok
    21:58:11.0287 4644 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:58:11.0287 4644 MpsSvc - ok
    21:58:11.0318 4644 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    21:58:11.0318 4644 Mraid35x - ok
    21:58:11.0365 4644 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:58:11.0396 4644 MRxDAV - ok
    21:58:11.0443 4644 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:58:11.0443 4644 mrxsmb - ok
    21:58:11.0474 4644 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:58:11.0474 4644 mrxsmb10 - ok
    21:58:11.0506 4644 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:58:11.0506 4644 mrxsmb20 - ok
    21:58:11.0537 4644 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:58:11.0537 4644 msahci - ok
    21:58:11.0552 4644 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:58:11.0552 4644 msdsm - ok
    21:58:11.0599 4644 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    21:58:11.0599 4644 MSDTC - ok
    21:58:11.0677 4644 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:58:11.0677 4644 Msfs - ok
    21:58:11.0708 4644 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:58:11.0708 4644 msisadrv - ok
    21:58:11.0724 4644 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:58:11.0740 4644 MSiSCSI - ok
    21:58:11.0740 4644 msiserver - ok
    21:58:11.0786 4644 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
     
  10. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    21:58:21.0193 4644 ================ Scan global ===============================
    21:58:21.0224 4644 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    21:58:21.0256 4644 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    21:58:21.0287 4644 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    21:58:21.0334 4644 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    21:58:21.0334 4644 [Global] - ok
    21:58:21.0334 4644 ================ Scan MBR ==================================
    21:58:21.0365 4644 [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
    21:58:21.0755 4644 \Device\Harddisk0\DR0 - ok
    21:58:21.0755 4644 ================ Scan VBR ==================================
    21:58:21.0770 4644 [ DFC8E7B55315D01BF5D44EA965632C4A ] \Device\Harddisk0\DR0\Partition1
    21:58:21.0770 4644 \Device\Harddisk0\DR0\Partition1 - ok
    21:58:21.0802 4644 [ 8382EEB6EB3B94E14C03E0B6B5F6A762 ] \Device\Harddisk0\DR0\Partition2
    21:58:21.0802 4644 \Device\Harddisk0\DR0\Partition2 - ok
    21:58:21.0802 4644 ============================================================
    21:58:21.0802 4644 Scan finished
    21:58:21.0802 4644 ============================================================
    21:58:21.0817 2812 Detected object count: 0
    21:58:21.0817 2812 Actual detected object count: 0
     
     
  11. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    When you say close all the running programs after downloading Roguekiller, what exactly do you mean? Just the visible ones on the screen or background programs?
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Visible ones.
     
  13. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : brock [Admin rights]
    Mode : Remove -- Date : 10/04/2012 22:46:11

    ¤¤¤ Bad processes : 2 ¤¤¤
    [RESIDUE] PIFSvc.exe -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> KILLED [TermProc]
    [RESIDUE] PIFSvc.exe -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][RESIDU] HKLM\[...]\Run : Symantec PIF AlertEng ("C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll") -> DELETED
    [Services][BLPATH] HKLM\[...]\ControlSet001\Services\LiveUpdate Notice Service ("C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll) -> DELETED
    [Services][BLPATH] HKLM\[...]\ControlSet003\Services\LiveUpdate Notice Service ("C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x820A25C3 -> HOOKED (Unknown @ 0x87445998)
    SSDT[14] : NtAlertThread @ 0x8201B255 -> HOOKED (Unknown @ 0x87445A78)
    SSDT[21] : NtAlpcConnectPort @ 0x81FF9887 -> HOOKED (Unknown @ 0x8730ABF8)
    SSDT[42] : NtAssignProcessToJobObject @ 0x81FCCB43 -> HOOKED (Unknown @ 0x87734970)
    SSDT[67] : NtCreateMutant @ 0x8202F812 -> HOOKED (Unknown @ 0x87734F18)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x81FCF35A -> HOOKED (Unknown @ 0x87734690)
    SSDT[78] : NtCreateThread @ 0x820A0BE0 -> HOOKED (Unknown @ 0x87CB2270)
    SSDT[116] : NtDebugActiveProcess @ 0x82073D22 -> HOOKED (Unknown @ 0x87734A50)
    SSDT[129] : NtDuplicateObject @ 0x82007551 -> HOOKED (Unknown @ 0x876B2C20)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x81FC9F12 -> HOOKED (Unknown @ 0x874457D8)
    SSDT[158] : NtImpersonateThread @ 0x81FDF54F -> HOOKED (Unknown @ 0x874458B8)
    SSDT[165] : NtLoadDriver @ 0x81F7ADEE -> HOOKED (Unknown @ 0x872C9BE0)
    SSDT[177] : NtMapViewOfSection @ 0x8201F89A -> HOOKED (Unknown @ 0x876B2168)
    SSDT[184] : NtOpenEvent @ 0x82008DCF -> HOOKED (Unknown @ 0x87734E38)
    SSDT[194] : NtOpenProcess @ 0x8202FFAE -> HOOKED (Unknown @ 0x879AB2A8)
    SSDT[195] : NtOpenProcessToken @ 0x82010A2E -> HOOKED (Unknown @ 0x877B5250)
    SSDT[197] : NtOpenSection @ 0x8202066D -> HOOKED (Unknown @ 0x87734C78)
    SSDT[201] : NtOpenThread @ 0x8202B4FF -> HOOKED (Unknown @ 0x876B2D10)
    SSDT[282] : NtResumeThread @ 0x8202AB4A -> HOOKED (Unknown @ 0x87445B58)
    SSDT[289] : NtSetContextThread @ 0x820A206F -> HOOKED (Unknown @ 0x87445DF8)
    SSDT[305] : NtSetInformationProcess @ 0x820238C8 -> HOOKED (Unknown @ 0x87445ED8)
    SSDT[317] : NtSetSystemInformation @ 0x81FF5EEB -> HOOKED (Unknown @ 0x87734B30)
    SSDT[330] : NtSuspendProcess @ 0x820A24FF -> HOOKED (Unknown @ 0x87734D58)
    SSDT[331] : NtSuspendThread @ 0x81FA992B -> HOOKED (Unknown @ 0x87445C38)
    SSDT[335] : NtTerminateThread @ 0x8202B534 -> HOOKED (Unknown @ 0x87445D18)
    SSDT[348] : NtUnmapViewOfSection @ 0x8201FB5D -> HOOKED (Unknown @ 0x876B20C8)
    SSDT[382] : NtCreateThreadEx @ 0x8202AFE9 -> HOOKED (Unknown @ 0x87734780)
    S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x878C1390)
    S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x874861E8)
    S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87490598)
    S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x874992E8)
    S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x874993A8)
    S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x87545120)
    S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x874904C8)
    S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x875451F0)
    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x87912F38)
    S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x878BE2F0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320820AS +++++
    --- User ---
    [MBR] 70378d2462969e07ac87e57308d019d4
    [BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 298818 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 611980110 | Size: 6424 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 625137345 | Size: 2 Mo
    3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 625142432 | Size: 0 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  14. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-04 22:47:35
    -----------------------------
    22:47:35.667 OS Version: Windows 6.0.6002 Service Pack 2
    22:47:35.667 Number of processors: 2 586 0xF06
    22:47:35.667 ComputerName: BROCK-PC UserName: brock
    22:47:37.321 Initialize success
    22:49:01.346 AVAST engine defs: 12100500
    22:49:04.856 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:49:04.856 Disk 0 Vendor: ST332082 3.AH Size: 305245MB BusType: 3
    22:49:04.872 Disk 0 MBR read successfully
    22:49:04.888 Disk 0 MBR scan
    22:49:04.888 Disk 0 unknown MBR code
    22:49:04.888 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 298818 MB offset 63
    22:49:04.919 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6424 MB offset 611980110
    22:49:04.919 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 625137345
    22:49:04.981 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 0 MB offset 625142432
    22:49:04.997 Disk 0 scanning sectors +625142448
    22:49:05.153 Disk 0 scanning C:\Windows\system32\drivers
    22:49:20.764 Service scanning
    22:49:45.573 Modules scanning
    22:49:53.826 Disk 0 trace - called modules:
    22:49:53.873 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    22:49:53.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860b29c0]
    22:49:53.873 3 CLASSPNP.SYS[887a48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8446f030]
    22:49:55.214 AVAST engine scan C:\Windows
    22:49:58.334 AVAST engine scan C:\Windows\system32
    22:53:39.378 AVAST engine scan C:\Windows\system32\drivers
    22:53:57.978 AVAST engine scan C:\Users\brock
    23:21:43.415 AVAST engine scan C:\ProgramData
    23:29:45.408 Scan finished successfully
    23:30:04.471 Disk 0 MBR has been saved successfully to "C:\Users\brock\Desktop\MBR.dat"
    23:30:04.487 The log file has been saved successfully to "C:\Users\brock\Desktop\aswMBR.txt"
     
  15. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    For x86 (x32) bit systems please download Listparts
    For x64 bit systems please download Listparts64

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  16. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    ListParts by Farbar Version: 02-10-2012
    Ran by brock (administrator) on 04-10-2012 at 23:47:20
    Windows Vista (X86)
    Running From: C:\Users\brock\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 64%
    Total physical RAM: 2037.77 MB
    Available physical RAM: 728.09 MB
    Total Pagefile: 4320.8 MB
    Available Pagefile: 2635.7 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1965.26 MB

    ======================= Partitions =========================

    1 Drive c: (HP) (Fixed) (Total:291.81 GB) (Free:205.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Recovery) (Fixed) (Total:6.27 GB) (Free:0.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 292 GB 32 KB
    Partition 2 Primary 6424 MB 292 GB
    Partition 3 Primary 2544 KB 298 GB
    Partition 4 Primary 8 KB 298 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C HP NTFS Partition 292 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Recovery NTFS Partition 6424 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    ****** End Of Log ******
     
  17. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    I'm having a problem with this last step. I disabled all the programs and things that are listed and started running Combofix. A couple of minutes after opening Combofix, my computer restarts itself and comes to the screen that says Windows was not shut down properly. I don't know where the log is, if it was even made. Kinda stuck.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Run it from safe mode.
     
  20. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    Ok, I want to get this right. Reboot in safe mode then follow the original instructions?
     
  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Only to run TFC.
    Run Eset in normal mode.
     
  22. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    Ok, so I ran Combofix in safe mode.

    ComboFix 12-10-04.02 - brock 10/06/2012 0:56.4.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1643 [GMT -4:00]
    Running from: c:\users\brock\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\brock\AppData\Roaming\inst.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-06 05:05 . 2012-10-06 05:05  --------  d-----w-  c:\users\brock\AppData\Local\temp
    2012-10-06 05:05 . 2012-10-06 05:05  --------  d-----w-  c:\users\Mcx1\AppData\Local\temp
    2012-10-06 05:05 . 2012-10-06 05:05  --------  d-----w-  c:\users\IUSR_NMPR\AppData\Local\temp
    2012-10-06 05:05 . 2012-10-06 05:05  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-10-06 03:58 . 2012-09-19 04:59  6980552  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F2BDAA-A9EC-41AC-88AD-644E092483BE}\mpengine.dll
    2012-10-05 05:08 . 2012-10-05 05:08  --------  d-----w-  c:\users\brock\AppData\Local\CrashDumps
    2012-10-04 22:28 . 2012-10-04 22:28  --------  d-----w-  c:\users\brock\AppData\Roaming\Malwarebytes
    2012-10-04 22:27 . 2012-10-04 22:27  --------  d-----w-  c:\programdata\Malwarebytes
    2012-10-04 22:27 . 2012-10-04 22:28  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-10-04 22:27 . 2012-09-07 21:04  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-10-04 16:23 . 2012-10-05 05:10  --------  d-----w-  c:\programdata\AVAST Software
    2012-10-04 16:23 . 2012-10-04 16:23  --------  d-----w-  c:\program files\AVAST Software
    2012-10-03 06:30 . 2012-10-03 06:30  --------  d-----w-  c:\program files\ESET
    2012-10-03 06:28 . 2012-10-03 06:29  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-09-30 16:27 . 2012-09-30 16:27  --------  d-----w-  c:\windows\system32\N360_BACKUP
    2012-09-30 14:05 . 2012-09-30 14:05  --------  d-----w-  c:\programdata\NortonInstaller
    2012-09-27 15:26 . 2012-09-27 15:26  --------  d-----w-  c:\users\brock\AppData\Local\Windows Live
    2012-09-27 15:26 . 2012-09-27 15:26  --------  d-----w-  c:\program files\Common Files\Windows Live
    2012-09-19 22:29 . 2012-09-19 22:29  --------  d-----w-  c:\program files\Jnes
    2012-09-14 05:05 . 2012-08-21 17:01  26840  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-14 05:04 . 2012-09-14 05:04  --------  d-----w-  c:\program files\iPod
    2012-09-14 05:04 . 2012-09-14 05:05  --------  d-----w-  c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-14 05:04 . 2012-09-14 05:05  --------  d-----w-  c:\program files\iTunes
    2012-09-08 16:26 . 2012-09-08 16:26  93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-08 16:26 . 2012-07-07 15:23  821736  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2012-09-08 16:26 . 2010-05-10 01:40  746984  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-08-29 21:39 . 2012-04-13 03:43  696520  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-08-29 21:39 . 2011-05-18 23:06  73416  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-23 15:22 . 2007-10-01 09:42  348160  ----a-w-  c:\windows\system32\msvcr71.dll
    2012-08-23 15:22 . 2007-10-01 09:42  499712  ----a-w-  c:\windows\system32\msvcp71.dll
    2012-08-21 17:01 . 2010-03-13 06:45  106928  ----a-w-  c:\windows\system32\GEARAspi.dll
    2012-07-09 17:42 . 2012-07-09 17:42  4547984  ----a-w-  c:\windows\system32\usbaaplrc.dll
    2012-07-09 17:42 . 2012-07-09 17:42  44032  ----a-w-  c:\windows\system32\drivers\usbaapl.sys
    2012-09-06 01:27 . 2012-09-09 17:10  266720  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-23 296096]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 18:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:39]
    .
    2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083133115-3377555592-1284217255-1001Core.job
    - c:\users\brock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 19:28]
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083133115-3377555592-1284217255-1001UA.job
    - c:\users\brock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 19:28]
    .
    2012-10-06 c:\windows\Tasks\User_Feed_Synchronization-{46C19C9A-26A1-435A-AF07-C0A755687A16}.job
    - c:\windows\system32\msfeedssync.exe [2008-07-04 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: AOL &Dictionary Search - file:///c:\program files\Common Files\aol\AOLSearch/AOLDictionary.htm
    IE: AOL &Thesaurus Search - file:///c:\program files\Common Files\aol\AOLSearch/AOLThesauras.htm
    IE: AOL &Video Search - file:///c:\program files\Common Files\aol\AOLSearch/AOLVideo.htm
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\brock\AppData\Roaming\Mozilla\Firefox\Profiles\etr2fqqs.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-06 01:05
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-10-06 01:06:35
    ComboFix-quarantined-files.txt 2012-10-06 05:06
    ComboFix2.txt 2012-10-05 05:40
    .
    Pre-Run: 216,307,937,280 bytes free
    Post-Run: 216,215,240,704 bytes free
    .
    - - End Of File - - 225E0B73D2177488F91554E72ED2666C
     
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good.

    Any current issues?

    =========================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. Brockr11

    Brockr11 TS Rookie Topic Starter Posts: 26

    There don't seem to be any issues at the moment.
     

