
Trojan.happili [Solved]

This topic is locked.

#16 Rtermite (Topic Starter, Member, 16 posts)
Will do, and will run aswMBR after it, thanks.


#17 Rtermite (Topic Starter, Member, 16 posts)
Ran TDSSKiller and let it write standard boot code and rebooted when it asked me to. It keeps finding Pihar.c upon next scan.
Ran aswMBR; here's one log from aswMBR and two from TDSSKiller from 2 separate runs.

aswMBR1.txt

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 17:05:14
-----------------------------
17:05:14.843 OS Version: Windows 5.1.2600 Service Pack 3
17:05:14.843 Number of processors: 2 586 0x209
17:05:14.843 ComputerName: BOBSCOMPUTER UserName: Robert Hotte
17:05:17.281 Initialize success
17:06:53.750 AVAST engine defs: 12111201
17:07:10.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:07:10.328 Disk 0 Vendor: WDC_WD1600JB-00EVA0 15.05R15 Size: 152627MB BusType: 3
17:07:10.328 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
17:07:10.328 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
17:07:10.343 Disk 0 MBR read successfully
17:07:10.343 Disk 0 MBR scan
17:07:10.375 Disk 0 Windows XP default MBR code
17:07:10.375 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 152617 MB offset 63
17:07:10.375 Disk 0 scanning sectors +312560640
17:07:10.453 Disk 0 scanning J:\WINDOWS\system32\drivers
17:07:26.515 Service scanning
17:07:44.953 Modules scanning
17:07:53.328 Disk 0 trace - called modules:
17:07:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
17:07:53.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60aab8]
17:07:53.843 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000084[0x8a620f18]
17:07:53.843 5 ACPI.sys[f7552620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a66ed98]
17:07:53.843 \Driver\atapi[0x8a6219f8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]
17:07:54.812 AVAST engine scan J:\WINDOWS
17:08:15.640 Disk 0 MBR has been saved successfully to "J:\Documents and Settings\Robert Hotte\Desktop\MBR.dat"
17:08:15.656 The log file has been saved successfully to "J:\Documents and Settings\Robert Hotte\Desktop\aswMBR.txt"
17:08:20.296 AVAST engine scan J:\WINDOWS\system32
17:12:46.578 AVAST engine scan J:\WINDOWS\system32\drivers
17:13:21.156 AVAST engine scan J:\Documents and Settings\Robert Hotte
17:21:50.812 AVAST engine scan J:\Documents and Settings\All Users
17:24:54.343 Scan finished successfully
17:26:37.562 Disk 0 MBR has been saved successfully to "J:\Documents and Settings\Robert Hotte\Desktop\MBR.dat"
17:26:37.562 The log file has been saved successfully to "J:\Documents and Settings\Robert Hotte\Desktop\aswMBR1.txt"

TDSSKiller.txt @16:59

16:59:13.0296 3120 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:59:13.0875 3120 ============================================================
16:59:13.0875 3120 Current date / time: 2012/11/12 16:59:13.0875
16:59:13.0875 3120 SystemInfo:
16:59:13.0875 3120
16:59:13.0875 3120 OS Version: 5.1.2600 ServicePack: 3.0
16:59:13.0875 3120 Product type: Workstation
16:59:13.0875 3120 ComputerName: BOBSCOMPUTER
16:59:13.0875 3120 UserName: Robert Hotte
16:59:13.0875 3120 Windows directory: J:\WINDOWS
16:59:13.0875 3120 System windows directory: J:\WINDOWS
16:59:13.0875 3120 Processor architecture: Intel x86
16:59:13.0875 3120 Number of processors: 2
16:59:13.0875 3120 Page size: 0x1000
16:59:13.0875 3120 Boot type: Normal boot
16:59:13.0875 3120 ============================================================
16:59:15.0796 3120 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:59:15.0828 3120 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:59:15.0843 3120 ============================================================
16:59:15.0843 3120 \Device\Harddisk0\DR0:
16:59:15.0843 3120 MBR partitions:
16:59:15.0843 3120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:59:15.0843 3120 \Device\Harddisk1\DR1:
16:59:15.0843 3120 MBR partitions:
16:59:15.0843 3120 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
16:59:15.0843 3120 ============================================================
16:59:15.0859 3120 C: <-> \Device\Harddisk0\DR0\Partition1
16:59:15.0906 3120 J: <-> \Device\Harddisk1\DR1\Partition1
16:59:15.0906 3120 ============================================================
16:59:15.0906 3120 Initialize success
16:59:15.0906 3120 ============================================================
16:59:34.0359 3824 ============================================================
16:59:34.0359 3824 Scan started
16:59:34.0359 3824 Mode: Manual;
16:59:34.0359 3824 ============================================================
16:59:34.0562 3824 ================ Scan system memory ========================
16:59:34.0562 3824 System memory - ok
16:59:34.0562 3824 ================ Scan services =============================
16:59:47.0890 3824 RDPCDD - ok
16:59:47.0921 3824 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr J:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:59:47.0921 3824 rdpdr - ok
16:59:47.0953 3824 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD J:\WINDOWS\system32\drivers\RDPWD.sys
16:59:47.0953 3824 RDPWD - ok
16:59:47.0984 3824 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr J:\WINDOWS\system32\sessmgr.exe
16:59:48.0015 3824 RDSessMgr - ok
16:59:48.0046 3824 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook J:\WINDOWS\system32\DRIVERS\redbook.sys
16:59:48.0046 3824 redbook - ok
16:59:48.0078 3824 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess J:\WINDOWS\System32\mprdim.dll
16:59:48.0093 3824 RemoteAccess - ok
16:59:48.0109 3824 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry J:\WINDOWS\system32\regsvc.dll
16:59:48.0109 3824 RemoteRegistry - ok
16:59:48.0140 3824 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator J:\WINDOWS\System32\locator.exe
16:59:48.0140 3824 RpcLocator - ok
16:59:48.0171 3824 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs J:\WINDOWS\System32\rpcss.dll
16:59:48.0187 3824 RpcSs - ok
16:59:48.0234 3824 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP J:\WINDOWS\System32\rsvp.exe
16:59:48.0250 3824 RSVP - ok
16:59:48.0250 3824 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs J:\WINDOWS\system32\lsass.exe
16:59:48.0250 3824 SamSs - ok
16:59:48.0281 3824 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr J:\WINDOWS\System32\SCardSvr.exe
16:59:48.0281 3824 SCardSvr - ok
16:59:48.0312 3824 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule J:\WINDOWS\system32\schedsvc.dll
16:59:48.0312 3824 Schedule - ok
16:59:48.0375 3824 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv J:\WINDOWS\system32\DRIVERS\secdrv.sys
16:59:48.0375 3824 Secdrv - ok
16:59:48.0390 3824 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon J:\WINDOWS\System32\seclogon.dll
16:59:48.0406 3824 seclogon - ok
16:59:48.0421 3824 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS J:\WINDOWS\system32\sens.dll
16:59:48.0421 3824 SENS - ok
16:59:48.0437 3824 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum J:\WINDOWS\system32\DRIVERS\serenum.sys
16:59:48.0437 3824 serenum - ok
16:59:48.0437 3824 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial J:\WINDOWS\system32\DRIVERS\serial.sys
16:59:48.0453 3824 Serial - ok
16:59:48.0484 3824 [ 00DE597B81B381053CB5B21A7F20E365 ] sfdrv01 J:\WINDOWS\system32\drivers\sfdrv01.sys
16:59:48.0500 3824 sfdrv01 - ok
16:59:48.0500 3824 [ 64B9AB76F1B16EB059CB6CDD906C067A ] sfhlp02 J:\WINDOWS\system32\drivers\sfhlp02.sys
16:59:48.0500 3824 sfhlp02 - ok
16:59:48.0531 3824 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy J:\WINDOWS\system32\drivers\Sfloppy.sys
16:59:48.0546 3824 Sfloppy - ok
16:59:48.0546 3824 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 J:\WINDOWS\system32\drivers\sfsync02.sys
16:59:48.0562 3824 sfsync02 - ok
16:59:48.0578 3824 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess J:\WINDOWS\System32\ipnathlp.dll
16:59:48.0578 3824 SharedAccess - ok
16:59:48.0609 3824 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection J:\WINDOWS\System32\shsvcs.dll
16:59:48.0609 3824 ShellHWDetection - ok
16:59:48.0625 3824 Simbad - ok
16:59:48.0656 3824 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver J:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
16:59:48.0656 3824 SmartDefragDriver - ok
16:59:48.0671 3824 Sparrow - ok
16:59:48.0703 3824 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter J:\WINDOWS\system32\drivers\splitter.sys
16:59:48.0703 3824 splitter - ok
16:59:48.0734 3824 [ 60784F891563FB1B767F70117FC2428F ] Spooler J:\WINDOWS\system32\spoolsv.exe
16:59:48.0734 3824 Spooler - ok
16:59:48.0750 3824 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr J:\WINDOWS\system32\DRIVERS\sr.sys
16:59:48.0750 3824 sr - ok
16:59:48.0781 3824 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice J:\WINDOWS\system32\srsvc.dll
16:59:48.0781 3824 srservice - ok
16:59:48.0859 3824 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP J:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS
16:59:48.0875 3824 SRTSP - ok
16:59:48.0890 3824 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX J:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS
16:59:48.0890 3824 SRTSPX - ok
16:59:48.0921 3824 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv J:\WINDOWS\system32\DRIVERS\srv.sys
16:59:48.0921 3824 Srv - ok
16:59:48.0953 3824 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus J:\WINDOWS\system32\DRIVERS\sscebus.sys
16:59:48.0953 3824 sscebus - ok
16:59:48.0984 3824 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl J:\WINDOWS\system32\DRIVERS\sscemdfl.sys
16:59:49.0015 3824 sscemdfl - ok
16:59:49.0031 3824 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm J:\WINDOWS\system32\DRIVERS\sscemdm.sys
16:59:49.0031 3824 sscemdm - ok
16:59:49.0062 3824 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV J:\WINDOWS\System32\ssdpsrv.dll
16:59:49.0062 3824 SSDPSRV - ok
16:59:49.0062 3824 SSPORT - ok
16:59:49.0093 3824 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc J:\WINDOWS\system32\wiaservc.dll
16:59:49.0109 3824 stisvc - ok
16:59:49.0140 3824 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum J:\WINDOWS\system32\DRIVERS\swenum.sys
16:59:49.0140 3824 swenum - ok
16:59:49.0171 3824 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi J:\WINDOWS\system32\drivers\swmidi.sys
16:59:49.0171 3824 swmidi - ok
16:59:49.0171 3824 SwPrv - ok
16:59:49.0187 3824 symc810 - ok
16:59:49.0203 3824 symc8xx - ok
16:59:49.0250 3824 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS J:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS
16:59:49.0265 3824 SymDS - ok
16:59:49.0296 3824 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA J:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS
16:59:49.0312 3824 SymEFA - ok
16:59:49.0343 3824 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent J:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:59:49.0359 3824 SymEvent - ok
16:59:49.0359 3824 SYMFW - ok
16:59:49.0375 3824 SYMIDS - ok
16:59:49.0421 3824 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON J:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS
16:59:49.0421 3824 SymIRON - ok
16:59:49.0421 3824 SYMNDIS - ok
16:59:49.0453 3824 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI J:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS
16:59:49.0453 3824 SYMTDI - ok
16:59:49.0453 3824 sym_hi - ok
16:59:49.0468 3824 sym_u3 - ok
16:59:49.0484 3824 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio J:\WINDOWS\system32\drivers\sysaudio.sys
16:59:49.0500 3824 sysaudio - ok
16:59:49.0515 3824 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog J:\WINDOWS\system32\smlogsvc.exe
16:59:49.0515 3824 SysmonLog - ok
16:59:49.0546 3824 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv J:\WINDOWS\System32\tapisrv.dll
16:59:49.0546 3824 TapiSrv - ok
16:59:49.0609 3824 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip J:\WINDOWS\system32\DRIVERS\tcpip.sys
16:59:49.0625 3824 Tcpip - ok
16:59:49.0656 3824 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE J:\WINDOWS\system32\drivers\TDPIPE.sys
16:59:49.0671 3824 TDPIPE - ok
16:59:49.0687 3824 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP J:\WINDOWS\system32\drivers\TDTCP.sys
16:59:49.0687 3824 TDTCP - ok
16:59:49.0718 3824 [ 88155247177638048422893737429D9E ] TermDD J:\WINDOWS\system32\DRIVERS\termdd.sys
16:59:49.0734 3824 TermDD - ok
16:59:49.0750 3824 [ FF3477C03BE7201C294C35F684B3479F ] TermService J:\WINDOWS\System32\termsrv.dll
16:59:49.0765 3824 TermService - ok
16:59:49.0781 3824 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes J:\WINDOWS\System32\shsvcs.dll
16:59:49.0781 3824 Themes - ok
16:59:49.0843 3824 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr J:\WINDOWS\System32\tlntsvr.exe
16:59:49.0843 3824 TlntSvr - ok
16:59:49.0859 3824 TosIde - ok
16:59:49.0875 3824 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks J:\WINDOWS\system32\trkwks.dll
16:59:49.0875 3824 TrkWks - ok
16:59:49.0906 3824 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs J:\WINDOWS\system32\drivers\Udfs.sys
16:59:49.0906 3824 Udfs - ok
16:59:49.0921 3824 ultra - ok
16:59:49.0953 3824 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update J:\WINDOWS\system32\DRIVERS\update.sys
16:59:49.0953 3824 Update - ok
16:59:49.0968 3824 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost J:\WINDOWS\System32\upnphost.dll
16:59:50.0015 3824 upnphost - ok
16:59:50.0031 3824 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS J:\WINDOWS\System32\ups.exe
16:59:50.0046 3824 UPS - ok
16:59:50.0093 3824 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp J:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:59:50.0093 3824 usbccgp - ok
16:59:50.0109 3824 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci J:\WINDOWS\system32\DRIVERS\usbehci.sys
16:59:50.0109 3824 usbehci - ok
16:59:50.0156 3824 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub J:\WINDOWS\system32\DRIVERS\usbhub.sys
16:59:50.0171 3824 usbhub - ok
16:59:50.0187 3824 [ A717C8721046828520C9EDF31288FC00 ] usbprint J:\WINDOWS\system32\DRIVERS\usbprint.sys
16:59:50.0187 3824 usbprint - ok
16:59:50.0234 3824 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan J:\WINDOWS\system32\DRIVERS\usbscan.sys
16:59:50.0234 3824 usbscan - ok
16:59:50.0312 3824 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor J:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:59:50.0312 3824 usbstor - ok
16:59:50.0328 3824 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci J:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:59:50.0328 3824 usbuhci - ok
16:59:50.0375 3824 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave J:\WINDOWS\System32\drivers\vga.sys
16:59:50.0375 3824 VgaSave - ok
16:59:50.0375 3824 ViaIde - ok
16:59:50.0390 3824 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap J:\WINDOWS\system32\drivers\VolSnap.sys
16:59:50.0406 3824 VolSnap - ok
16:59:50.0437 3824 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS J:\WINDOWS\System32\vssvc.exe
16:59:50.0453 3824 VSS - ok
16:59:50.0468 3824 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time J:\WINDOWS\system32\w32time.dll
16:59:50.0484 3824 W32Time - ok
16:59:50.0531 3824 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp J:\WINDOWS\system32\DRIVERS\wanarp.sys
16:59:50.0531 3824 Wanarp - ok
16:59:50.0546 3824 WDICA - ok
16:59:50.0562 3824 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud J:\WINDOWS\system32\drivers\wdmaud.sys
16:59:50.0562 3824 wdmaud - ok
16:59:50.0593 3824 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient J:\WINDOWS\System32\webclnt.dll
16:59:50.0593 3824 WebClient - ok
16:59:50.0687 3824 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt J:\WINDOWS\system32\wbem\WMIsvc.dll
16:59:50.0687 3824 winmgmt - ok
16:59:50.0734 3824 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN J:\WINDOWS\system32\MsPMSNSv.dll
16:59:50.0765 3824 WmdmPmSN - ok
16:59:50.0812 3824 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi J:\WINDOWS\System32\advapi32.dll
16:59:50.0812 3824 Wmi - ok
16:59:50.0859 3824 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv J:\WINDOWS\System32\wbem\wmiapsrv.exe
16:59:50.0859 3824 WmiApSrv - ok
16:59:50.0937 3824 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc J:\Program Files\Windows Media Player\WMPNetwk.exe
16:59:50.0968 3824 WMPNetworkSvc - ok
16:59:51.0062 3824 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:59:51.0093 3824 WPFFontCache_v0400 - ok
16:59:51.0140 3824 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL J:\WINDOWS\System32\drivers\ws2ifsl.sys
16:59:51.0140 3824 WS2IFSL - ok
16:59:51.0171 3824 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc J:\WINDOWS\system32\wscsvc.dll
16:59:51.0187 3824 wscsvc - ok
16:59:51.0218 3824 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv J:\WINDOWS\system32\wuauserv.dll
16:59:51.0234 3824 wuauserv - ok
16:59:51.0265 3824 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf J:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:59:51.0281 3824 WudfPf - ok
16:59:51.0296 3824 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd J:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:59:51.0296 3824 WudfRd - ok
16:59:51.0343 3824 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc J:\WINDOWS\System32\WUDFSvc.dll
16:59:51.0343 3824 WudfSvc - ok
16:59:51.0390 3824 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC J:\WINDOWS\System32\wzcsvc.dll
16:59:51.0406 3824 WZCSVC - ok
16:59:51.0453 3824 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov J:\WINDOWS\System32\xmlprov.dll
16:59:51.0484 3824 xmlprov - ok
16:59:51.0500 3824 ================ Scan global ===============================
16:59:51.0546 3824 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] J:\WINDOWS\system32\basesrv.dll
16:59:51.0562 3824 [ 8C7DCA4B158BF16894120786A7A5F366 ] J:\WINDOWS\system32\winsrv.dll
16:59:51.0593 3824 [ 8C7DCA4B158BF16894120786A7A5F366 ] J:\WINDOWS\system32\winsrv.dll
16:59:51.0609 3824 [ 65DF52F5B8B6E9BBD183505225C37315 ] J:\WINDOWS\system32\services.exe
16:59:51.0609 3824 [Global] - ok
16:59:51.0609 3824 ================ Scan MBR ==================================
16:59:51.0625 3824 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:59:51.0640 3824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:59:51.0640 3824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:59:51.0671 3824 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:59:51.0828 3824 \Device\Harddisk1\DR1 - ok
16:59:51.0828 3824 ================ Scan VBR ==================================
16:59:51.0828 3824 [ 04CA63503D47E2FE5A8F9E87718B99DD ] \Device\Harddisk0\DR0\Partition1
16:59:51.0828 3824 \Device\Harddisk0\DR0\Partition1 - ok
16:59:51.0843 3824 [ EDC5DFF516ECCC241E9F9A05B4F23BA3 ] \Device\Harddisk1\DR1\Partition1
16:59:51.0843 3824 \Device\Harddisk1\DR1\Partition1 - ok
16:59:51.0843 3824 ============================================================
16:59:51.0843 3824 Scan finished
16:59:51.0843 3824 ============================================================
16:59:51.0859 2420 Detected object count: 1
16:59:51.0859 2420 Actual detected object count: 1
17:00:16.0812 2420 \Device\Harddisk0\DR0\# - copied to quarantine
17:00:16.0812 2420 \Device\Harddisk0\DR0 - copied to quarantine
17:00:16.0875 2420 \Device\Harddisk0\DR0 - processing error
17:00:21.0703 2420 \Device\Harddisk0\DR0 - will be restored on reboot
17:00:22.0781 2420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
17:00:40.0890 2584 Deinitialize success

TDSSKiller.txt @17:28

17:28:34.0609 3892 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:28:34.0968 3892 ============================================================
17:28:34.0968 3892 Current date / time: 2012/11/12 17:28:34.0968
17:28:34.0968 3892 SystemInfo:
17:28:34.0968 3892
17:28:34.0968 3892 OS Version: 5.1.2600 ServicePack: 3.0
17:28:34.0968 3892 Product type: Workstation
17:28:34.0968 3892 ComputerName: BOBSCOMPUTER
17:28:34.0968 3892 UserName: Robert Hotte
17:28:34.0968 3892 Windows directory: J:\WINDOWS
17:28:34.0968 3892 System windows directory: J:\WINDOWS
17:28:34.0968 3892 Processor architecture: Intel x86
17:28:34.0968 3892 Number of processors: 2
17:28:34.0968 3892 Page size: 0x1000
17:28:34.0968 3892 Boot type: Normal boot
17:28:34.0968 3892 ============================================================
17:28:36.0546 3892 BG loaded
17:28:36.0921 3892 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:28:36.0937 3892 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:28:36.0968 3892 ============================================================
17:28:36.0968 3892 \Device\Harddisk0\DR0:
17:28:36.0968 3892 MBR partitions:
17:28:36.0968 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:28:36.0968 3892 \Device\Harddisk1\DR1:
17:28:36.0968 3892 MBR partitions:
17:28:36.0968 3892 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:28:36.0968 3892 ============================================================
17:28:36.0984 3892 C: <-> \Device\Harddisk0\DR0\Partition1
17:28:37.0093 3892 J: <-> \Device\Harddisk1\DR1\Partition1
17:28:37.0093 3892 ============================================================
17:28:37.0093 3892 Initialize success
17:28:37.0093 3892 ============================================================
17:28:39.0078 3324 ============================================================
17:28:39.0078 3324 Scan started
17:28:39.0078 3324 Mode: Manual;
17:28:39.0078 3324 ============================================================
17:28:40.0109 3324 ================ Scan system memory ========================
17:28:40.0125 3324 System memory - ok
17:28:40.0125 3324 ================ Scan services =============================
17:28:40.0203 3324 Abiosdsk - ok
17:28:40.0203 3324 abp480n5 - ok
17:28:40.0265 3324 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI J:\WINDOWS\system32\DRIVERS\ACPI.sys
17:28:40.0265 3324 ACPI - ok
17:28:40.0312 3324 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC J:\WINDOWS\system32\drivers\ACPIEC.sys
17:28:40.0312 3324 ACPIEC - ok
17:28:40.0312 3324 adpu160m - ok
17:28:40.0359 3324 [ 8BED39E3C35D6A489438B8141717A557 ] aec J:\WINDOWS\system32\drivers\aec.sys
17:28:40.0359 3324 aec - ok
17:28:40.0390 3324 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD J:\WINDOWS\System32\drivers\afd.sys
17:28:40.0390 3324 AFD - ok
17:28:40.0406 3324 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 J:\WINDOWS\system32\DRIVERS\agp440.sys
17:28:40.0406 3324 agp440 - ok
17:28:40.0421 3324 Aha154x - ok
17:28:40.0421 3324 aic78u2 - ok
17:28:40.0437 3324 aic78xx - ok
17:28:40.0468 3324 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter J:\WINDOWS\system32\alrsvc.dll
17:28:40.0468 3324 Alerter - ok
17:28:40.0500 3324 [ 8C515081584A38AA007909CD02020B3D ] ALG J:\WINDOWS\System32\alg.exe
17:28:40.0500 3324 ALG - ok
17:28:40.0515 3324 AliIde - ok
17:28:40.0531 3324 amsint - ok
17:28:40.0578 3324 [ 8D3A55F7B7BE6B374479E5195F477226 ] AnyDVD J:\WINDOWS\system32\Drivers\AnyDVD.sys
17:28:40.0640 3324 AnyDVD - ok
17:28:40.0687 3324 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt J:\WINDOWS\System32\appmgmts.dll
17:28:40.0703 3324 AppMgmt - ok
17:28:40.0718 3324 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 J:\WINDOWS\system32\DRIVERS\arp1394.sys
17:28:40.0718 3324 Arp1394 - ok
17:28:40.0734 3324 asc - ok
17:28:40.0734 3324 asc3350p - ok
17:28:40.0750 3324 asc3550 - ok
17:28:40.0843 3324 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state J:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:28:40.0859 3324 aspnet_state - ok
17:28:40.0890 3324 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac J:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:28:40.0890 3324 AsyncMac - ok
17:28:40.0906 3324 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi J:\WINDOWS\system32\DRIVERS\atapi.sys
17:28:40.0906 3324 atapi - ok
17:28:40.0921 3324 Atdisk - ok
17:28:40.0937 3324 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc J:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:28:40.0937 3324 Atmarpc - ok
17:28:40.0984 3324 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv J:\WINDOWS\System32\audiosrv.dll
17:28:40.0984 3324 AudioSrv - ok
17:28:41.0015 3324 [ D9F724AA26C010A217C97606B160ED68 ] audstub J:\WINDOWS\system32\DRIVERS\audstub.sys
17:28:41.0015 3324 audstub - ok
17:28:41.0046 3324 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep J:\WINDOWS\system32\drivers\Beep.sys
17:28:41.0046 3324 Beep - ok
17:28:41.0156 3324 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 J:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
17:28:41.0171 3324 BHDrvx86 - ok
17:28:41.0203 3324 [ 574738F61FCA2935F5265DC4E5691314 ] BITS J:\WINDOWS\system32\qmgr.dll
17:28:41.0218 3324 BITS - ok
17:28:41.0265 3324 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser J:\WINDOWS\System32\browser.dll
17:28:41.0265 3324 Browser - ok
17:28:41.0359 3324 catchme - ok
17:28:41.0390 3324 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k J:\WINDOWS\system32\drivers\cbidf2k.sys
17:28:41.0390 3324 cbidf2k - ok
17:28:41.0406 3324 cd20xrnt - ok
17:28:41.0421 3324 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio J:\WINDOWS\system32\drivers\Cdaudio.sys
17:28:41.0437 3324 Cdaudio - ok
17:28:41.0468 3324 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs J:\WINDOWS\system32\drivers\Cdfs.sys
17:28:41.0468 3324 Cdfs - ok
17:28:41.0500 3324 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom J:\WINDOWS\system32\DRIVERS\cdrom.sys
17:28:41.0500 3324 Cdrom - ok
17:28:41.0515 3324 Changer - ok
17:28:41.0562 3324 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc J:\WINDOWS\system32\cisvc.exe
17:28:41.0562 3324 CiSvc - ok
17:28:41.0609 3324 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv J:\WINDOWS\system32\clipsrv.exe
17:28:41.0609 3324 ClipSrv - ok
17:28:41.0656 3324 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 J:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:28:41.0656 3324 clr_optimization_v2.0.50727_32 - ok
17:28:41.0718 3324 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:28:41.0718 3324 clr_optimization_v4.0.30319_32 - ok
17:28:41.0734 3324 CmdIde - ok
17:28:41.0781 3324 [ 22F8692FD3E017EAD334945B3199B0E3 ] COMMONFX J:\WINDOWS\system32\drivers\COMMONFX.SYS
17:28:41.0796 3324 COMMONFX - ok
17:28:41.0796 3324 [ 22F8692FD3E017EAD334945B3199B0E3 ] COMMONFX.SYS J:\WINDOWS\System32\drivers\COMMONFX.SYS
17:28:41.0812 3324 COMMONFX.SYS - ok
17:28:41.0812 3324 COMSysApp - ok
17:28:41.0828 3324 Cpqarray - ok
17:28:41.0859 3324 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service J:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:28:41.0875 3324 Creative Audio Engine Licensing Service - ok
17:28:41.0921 3324 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc J:\WINDOWS\System32\cryptsvc.dll
17:28:41.0921 3324 CryptSvc - ok
17:28:41.0968 3324 [ AA7E939BC07965A807C6AC2F1D4D22B7 ] ctac32k J:\WINDOWS\system32\drivers\ctac32k.sys
17:28:41.0984 3324 ctac32k - ok
17:28:42.0015 3324 [ 79E7ABBF928D8A8002EBBA0985905DC1 ] ctaud2k J:\WINDOWS\system32\drivers\ctaud2k.sys
17:28:42.0046 3324 ctaud2k - ok
17:28:42.0078 3324 [ 6D98048890B44191E0DAED4639A9F18C ] CTAUDFX J:\WINDOWS\system32\drivers\CTAUDFX.SYS
17:28:42.0093 3324 CTAUDFX - ok
17:28:42.0109 3324 [ 6D98048890B44191E0DAED4639A9F18C ] CTAUDFX.SYS J:\WINDOWS\System32\drivers\CTAUDFX.SYS
17:28:42.0125 3324 CTAUDFX.SYS - ok
17:28:42.0156 3324 [ 645EC8749BBBA7E991A72BFAC2E14AA7 ] CTAudSvcService J:\Program Files\Creative\Shared Files\CTAudSvc.exe
17:28:42.0187 3324 CTAudSvcService - ok
17:28:42.0218 3324 [ A216C8698C4406A031AF6F867AFE4F92 ] ctdvda2k J:\WINDOWS\system32\drivers\ctdvda2k.sys
17:28:42.0218 3324 ctdvda2k - ok
17:28:42.0250 3324 [ 5192225E2ADFD36D0FC7D61B8E0BAE87 ] CTERFXFX J:\WINDOWS\system32\drivers\CTERFXFX.SYS
17:28:42.0250 3324 CTERFXFX - ok
17:28:42.0265 3324 [ 5192225E2ADFD36D0FC7D61B8E0BAE87 ] CTERFXFX.SYS J:\WINDOWS\System32\drivers\CTERFXFX.SYS
17:28:42.0265 3324 CTERFXFX.SYS - ok
17:28:42.0296 3324 [ B13DF6FF4547A7629413B20262DA385A ] ctgame J:\WINDOWS\system32\DRIVERS\ctgame.sys
17:28:42.0296 3324 ctgame - ok
17:28:42.0312 3324 [ CE3395B054B641E454C8861020FF1D82 ] ctprxy2k J:\WINDOWS\system32\drivers\ctprxy2k.sys
17:28:42.0328 3324 ctprxy2k - ok
17:28:42.0359 3324 [ 8750C640D3068861117FA9166B8AECDE ] CTSBLFX J:\WINDOWS\system32\drivers\CTSBLFX.SYS
17:28:42.0375 3324 CTSBLFX - ok
17:28:42.0421 3324 [ 8750C640D3068861117FA9166B8AECDE ] CTSBLFX.SYS J:\WINDOWS\System32\drivers\CTSBLFX.SYS
17:28:42.0421 3324 CTSBLFX.SYS - ok
17:28:42.0453 3324 [ 01B9017D05D82B6FBCD5CECCE93F3AA7 ] ctsfm2k J:\WINDOWS\system32\drivers\ctsfm2k.sys
17:28:42.0453 3324 ctsfm2k - ok
17:28:42.0453 3324 dac2w2k - ok
17:28:42.0468 3324 dac960nt - ok
17:28:42.0546 3324 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch J:\WINDOWS\system32\rpcss.dll
17:28:42.0546 3324 DcomLaunch - ok
17:28:42.0562 3324 DgiVecp - ok
17:28:42.0593 3324 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp J:\WINDOWS\System32\dhcpcsvc.dll
17:28:42.0640 3324 Dhcp - ok
17:28:42.0656 3324 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk J:\WINDOWS\system32\DRIVERS\disk.sys
17:28:42.0656 3324 Disk - ok
17:28:42.0671 3324 dmadmin - ok
17:28:42.0703 3324 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot J:\WINDOWS\system32\drivers\dmboot.sys
17:28:42.0718 3324 dmboot - ok
17:28:42.0750 3324 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio J:\WINDOWS\system32\drivers\dmio.sys
17:28:42.0750 3324 dmio - ok
17:28:42.0765 3324 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload J:\WINDOWS\system32\drivers\dmload.sys
17:28:42.0765 3324 dmload - ok
17:28:42.0828 3324 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver J:\WINDOWS\System32\dmserver.dll
17:28:42.0843 3324 dmserver - ok
17:28:42.0859 3324 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic J:\WINDOWS\system32\drivers\DMusic.sys
17:28:42.0859 3324 DMusic - ok
17:28:42.0890 3324 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache J:\WINDOWS\System32\dnsrslvr.dll
17:28:42.0906 3324 Dnscache - ok
17:28:42.0937 3324 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc J:\WINDOWS\System32\dot3svc.dll
17:28:42.0937 3324 Dot3svc - ok
17:28:42.0953 3324 dpti2o - ok
17:28:42.0968 3324 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud J:\WINDOWS\system32\drivers\drmkaud.sys
17:28:42.0984 3324 drmkaud - ok
17:28:43.0000 3324 [ 2476936F4994E9084CCFE75ED4F6226A ] E1000 J:\WINDOWS\system32\DRIVERS\e1000325.sys
17:28:43.0000 3324 E1000 - ok
17:28:43.0046 3324 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost J:\WINDOWS\System32\eapsvc.dll
17:28:43.0062 3324 EapHost - ok
17:28:43.0109 3324 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl J:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:28:43.0125 3324 eeCtrl - ok
17:28:43.0156 3324 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL J:\WINDOWS\system32\Drivers\ElbyCDFL.sys
17:28:43.0156 3324 ElbyCDFL - ok
17:28:43.0203 3324 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO J:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:28:43.0203 3324 ElbyCDIO - ok
17:28:43.0218 3324 [ 71B09041642DE925E6150EB525DCC3BF ] emupia J:\WINDOWS\system32\drivers\emupia2k.sys
17:28:43.0234 3324 emupia - ok
17:28:43.0265 3324 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv J:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:28:43.0265 3324 EraserUtilRebootDrv - ok
17:28:43.0312 3324 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc J:\WINDOWS\System32\ersvc.dll
17:28:43.0312 3324 ERSvc - ok
17:28:43.0375 3324 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog J:\WINDOWS\system32\services.exe
17:28:43.0406 3324 Eventlog - ok
17:28:43.0453 3324 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem J:\WINDOWS\System32\es.dll
17:28:43.0468 3324 EventSystem - ok
17:28:43.0484 3324 [ 38D332A6D56AF32635675F132548343E ] Fastfat J:\WINDOWS\system32\drivers\Fastfat.sys
17:28:43.0484 3324 Fastfat - ok
17:28:43.0531 3324 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility J:\WINDOWS\System32\shsvcs.dll
17:28:43.0531 3324 FastUserSwitchingCompatibility - ok
17:28:43.0562 3324 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc J:\WINDOWS\system32\DRIVERS\fdc.sys
17:28:43.0562 3324 Fdc - ok
17:28:43.0593 3324 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips J:\WINDOWS\system32\drivers\Fips.sys
17:28:43.0593 3324 Fips - ok
17:28:43.0625 3324 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk J:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:28:43.0640 3324 Flpydisk - ok
17:28:43.0656 3324 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr J:\WINDOWS\system32\drivers\fltmgr.sys
17:28:43.0687 3324 FltMgr - ok
17:28:43.0781 3324 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 j:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:28:43.0781 3324 FontCache3.0.0.0 - ok
17:28:43.0828 3324 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk J:\WINDOWS\system32\FsUsbExDisk.SYS
17:28:43.0828 3324 FsUsbExDisk - ok
17:28:43.0843 3324 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService J:\WINDOWS\system32\FsUsbExService.Exe
17:28:43.0875 3324 FsUsbExService - ok
17:28:43.0890 3324 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec J:\WINDOWS\system32\drivers\Fs_Rec.sys
17:28:43.0890 3324 Fs_Rec - ok
17:28:43.0906 3324 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk J:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:28:43.0906 3324 Ftdisk - ok
17:28:43.0921 3324 [ 72FE2BEA6863D4EB93442A1C4FB5CA48 ] GcKernel J:\WINDOWS\system32\DRIVERS\GcKernel.sys
17:28:43.0937 3324 GcKernel - ok
17:28:43.0953 3324 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM J:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:28:43.0953 3324 GEARAspiWDM - ok
17:28:44.0000 3324 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc J:\WINDOWS\system32\DRIVERS\msgpc.sys
17:28:44.0000 3324 Gpc - ok
17:28:44.0031 3324 [ 2E37C43FB534F1D85DCF552D5B2AF9BA ] ha10kx2k J:\WINDOWS\system32\drivers\ha10kx2k.sys
17:28:44.0062 3324 ha10kx2k - ok
17:28:44.0093 3324 [ 607B73DC2A69A98C7F10B5702D947319 ] hap16v2k J:\WINDOWS\system32\drivers\hap16v2k.sys
17:28:44.0093 3324 hap16v2k - ok
17:28:44.0109 3324 [ F674EEAA2D1ED14606AEDFED65C34893 ] hap17v2k J:\WINDOWS\system32\drivers\hap17v2k.sys
17:28:44.0109 3324 hap17v2k - ok
17:28:44.0218 3324 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc J:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:28:44.0218 3324 helpsvc - ok
17:28:44.0234 3324 HidServ - ok
17:28:44.0265 3324 [ BD205320308FB41C88A4049A2D1764B4 ] HIDSwvd J:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
17:28:44.0281 3324 HIDSwvd - ok
17:28:44.0296 3324 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb J:\WINDOWS\system32\DRIVERS\hidusb.sys
17:28:44.0296 3324 hidusb - ok
17:28:44.0343 3324 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc J:\WINDOWS\System32\kmsvc.dll
17:28:44.0343 3324 hkmsvc - ok
17:28:44.0359 3324 hpn - ok
17:28:44.0406 3324 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP J:\WINDOWS\system32\Drivers\HTTP.sys
17:28:44.0421 3324 HTTP - ok
17:28:44.0468 3324 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter J:\WINDOWS\System32\w3ssl.dll
17:28:44.0468 3324 HTTPFilter - ok
17:28:44.0484 3324 i2omgmt - ok
17:28:44.0484 3324 i2omp - ok
17:28:44.0531 3324 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt J:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:28:44.0531 3324 i8042prt - ok
17:28:44.0593 3324 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc J:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:28:44.0640 3324 idsvc - ok
17:28:44.0750 3324 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 J:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSxpx86.sys
17:28:44.0750 3324 IDSxpx86 - ok
17:28:44.0765 3324 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi J:\WINDOWS\system32\DRIVERS\imapi.sys
17:28:44.0765 3324 Imapi - ok
17:28:44.0812 3324 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService J:\WINDOWS\system32\imapi.exe
17:28:44.0828 3324 ImapiService - ok
17:28:44.0828 3324 ini910u - ok
17:28:44.0843 3324 IntelIde - ok
17:28:44.0875 3324 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm J:\WINDOWS\system32\DRIVERS\intelppm.sys
17:28:44.0875 3324 intelppm - ok
17:28:44.0890 3324 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw J:\WINDOWS\system32\drivers\ip6fw.sys
17:28:44.0906 3324 ip6fw - ok
17:28:44.0906 3324 IPFilter - ok
17:28:44.0953 3324 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver J:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:28:44.0953 3324 IpFilterDriver - ok
17:28:44.0968 3324 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp J:\WINDOWS\system32\DRIVERS\ipinip.sys
17:28:44.0984 3324 IpInIp - ok
17:28:45.0000 3324 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat J:\WINDOWS\system32\DRIVERS\ipnat.sys
17:28:45.0000 3324 IpNat - ok
17:28:45.0031 3324 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec J:\WINDOWS\system32\DRIVERS\ipsec.sys
17:28:45.0031 3324 IPSec - ok
17:28:45.0062 3324 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM J:\WINDOWS\system32\DRIVERS\irenum.sys
17:28:45.0062 3324 IRENUM - ok
17:28:45.0078 3324 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp J:\WINDOWS\system32\DRIVERS\isapnp.sys
17:28:45.0078 3324 isapnp - ok
17:28:45.0281 3324 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService J:\java\jre6\bin\jqs.exe
17:28:45.0343 3324 JavaQuickStarterService - ok
17:28:45.0390 3324 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass J:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:28:45.0390 3324 Kbdclass - ok
17:28:45.0437 3324 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid J:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:28:45.0562 3324 kbdhid - ok
17:28:45.0671 3324 [ 692BCF44383D056AED41B045A323D378 ] kmixer J:\WINDOWS\system32\drivers\kmixer.sys
17:28:45.0703 3324 kmixer - ok
17:28:45.0750 3324 [ B467646C54CC746128904E1654C750C1 ] KSecDD J:\WINDOWS\system32\drivers\KSecDD.sys
17:28:45.0781 3324 KSecDD - ok
17:28:45.0828 3324 [ 4103DBB6CAA85E40D271C1AD12BBF776 ] L8042pr2 J:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
17:28:45.0843 3324 L8042pr2 - ok
17:28:45.0890 3324 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver J:\WINDOWS\System32\srvsvc.dll
17:28:45.0937 3324 lanmanserver - ok
17:28:45.0984 3324 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation J:\WINDOWS\System32\wkssvc.dll
17:28:45.0984 3324 lanmanworkstation - ok
17:28:46.0000 3324 lbrtfdc - ok
17:28:46.0031 3324 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts J:\WINDOWS\System32\lmhsvc.dll
17:28:46.0046 3324 LmHosts - ok
17:28:46.0062 3324 [ B666F835C18974F392A387C6E863072F ] LMouFlt2 J:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
17:28:46.0078 3324 LMouFlt2 - ok
17:28:46.0109 3324 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector J:\WINDOWS\system32\drivers\mbam.sys
17:28:46.0125 3324 MBAMProtector - ok
17:28:46.0187 3324 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:28:46.0187 3324 MBAMScheduler - ok
17:28:46.0250 3324 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService J:\Malwarebytes' Anti-Malware\mbamservice.exe
17:28:46.0281 3324 MBAMService - ok
17:28:46.0312 3324 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger J:\WINDOWS\System32\msgsvc.dll
17:28:46.0312 3324 Messenger - ok
17:28:46.0328 3324 [ BAFDD5E28BAEA99D7F4772AF2F5EC7EE ] mfeavfk J:\WINDOWS\system32\drivers\mfeavfk.sys
17:28:46.0328 3324 mfeavfk - ok
17:28:46.0343 3324 [ 1D003E3056A43D881597D6763E83B943 ] mfebopk J:\WINDOWS\system32\drivers\mfebopk.sys
17:28:46.0359 3324 mfebopk - ok
17:28:46.0390 3324 [ 3F138A1C8A0659F329F242D1E389B2CF ] mfehidk J:\WINDOWS\system32\drivers\mfehidk.sys
17:28:46.0406 3324 mfehidk - ok
17:28:46.0468 3324 [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk J:\WINDOWS\system32\drivers\mferkdk.sys
17:28:46.0468 3324 mferkdk - ok
17:28:46.0484 3324 [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk J:\WINDOWS\system32\drivers\mfesmfk.sys
17:28:46.0484 3324 mfesmfk - ok
17:28:46.0562 3324 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service J:\Microsoft Office\Office12\GrooveAuditService.exe
17:28:46.0562 3324 Microsoft Office Groove Audit Service - ok
17:28:46.0609 3324 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd J:\WINDOWS\system32\drivers\mnmdd.sys
17:28:46.0609 3324 mnmdd - ok
17:28:46.0671 3324 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc J:\WINDOWS\System32\mnmsrvc.exe
17:28:46.0687 3324 mnmsrvc - ok
17:28:46.0703 3324 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem J:\WINDOWS\system32\drivers\Modem.sys
17:28:46.0718 3324 Modem - ok
17:28:46.0734 3324 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass J:\WINDOWS\system32\DRIVERS\mouclass.sys
17:28:46.0734 3324 Mouclass - ok
17:28:46.0734 3324 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr J:\WINDOWS\system32\drivers\MountMgr.sys
17:28:46.0750 3324 MountMgr - ok
17:28:46.0750 3324 mraid35x - ok
17:28:46.0765 3324 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV J:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:28:46.0765 3324 MRxDAV - ok
17:28:46.0812 3324 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb J:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:28:46.0843 3324 MRxSmb - ok
17:28:46.0906 3324 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC J:\WINDOWS\System32\msdtc.exe
17:28:46.0906 3324 MSDTC - ok
17:28:46.0921 3324 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs J:\WINDOWS\system32\drivers\Msfs.sys
17:28:46.0921 3324 Msfs - ok
17:28:46.0921 3324 MSIServer - ok
17:28:46.0937 3324 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV J:\WINDOWS\system32\drivers\MSKSSRV.sys
17:28:46.0937 3324 MSKSSRV - ok
17:28:46.0984 3324 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK J:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:28:46.0984 3324 MSPCLOCK - ok
17:28:47.0000 3324 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM J:\WINDOWS\system32\drivers\MSPQM.sys
17:28:47.0000 3324 MSPQM - ok
17:28:47.0031 3324 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios J:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:28:47.0031 3324 mssmbios - ok
17:28:47.0046 3324 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup J:\WINDOWS\system32\drivers\Mup.sys
17:28:47.0062 3324 Mup - ok
17:28:47.0140 3324 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 J:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
17:28:47.0140 3324 N360 - ok
17:28:47.0203 3324 [ 0102140028FAD045756796E1C685D695 ] napagent J:\WINDOWS\System32\qagentrt.dll
17:28:47.0203 3324 napagent - ok
17:28:47.0296 3324 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG J:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.003\NAVENG.SYS
17:28:47.0296 3324 NAVENG - ok
17:28:47.0500 3324 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 J:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.003\NAVEX15.SYS
17:28:47.0687 3324 NAVEX15 - ok
17:28:47.0765 3324 [ 1DF7F42665C94B825322FAE71721130D ] NDIS J:\WINDOWS\system32\drivers\NDIS.sys
17:28:47.0859 3324 NDIS - ok
17:28:47.0906 3324 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi J:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:28:47.0906 3324 NdisTapi - ok
17:28:47.0937 3324 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio J:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:28:47.0953 3324 Ndisuio - ok
17:28:47.0968 3324 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan J:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:28:47.0968 3324 NdisWan - ok
17:28:47.0984 3324 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy J:\WINDOWS\system32\drivers\NDProxy.sys
17:28:47.0984 3324 NDProxy - ok
17:28:48.0000 3324 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS J:\WINDOWS\system32\DRIVERS\netbios.sys
17:28:48.0000 3324 NetBIOS - ok
17:28:48.0031 3324 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT J:\WINDOWS\system32\DRIVERS\netbt.sys
17:28:48.0031 3324 NetBT - ok
17:28:48.0078 3324 [ B857BA82860D7FF85AE29B095645563B ] NetDDE J:\WINDOWS\system32\netdde.exe
17:28:48.0078 3324 NetDDE - ok
17:28:48.0093 3324 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm J:\WINDOWS\system32\netdde.exe
17:28:48.0093 3324 NetDDEdsdm - ok
17:28:48.0125 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon J:\WINDOWS\system32\lsass.exe
17:28:48.0125 3324 Netlogon - ok
17:28:48.0171 3324 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman J:\WINDOWS\System32\netman.dll
17:28:48.0187 3324 Netman - ok
17:28:48.0218 3324 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing J:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:28:48.0218 3324 NetTcpPortSharing - ok
17:28:48.0250 3324 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 J:\WINDOWS\system32\DRIVERS\nic1394.sys
17:28:48.0250 3324 NIC1394 - ok
17:28:48.0281 3324 [ 943337D786A56729263071623BBB9DE5 ] Nla J:\WINDOWS\System32\mswsock.dll
17:28:48.0281 3324 Nla - ok
17:28:48.0296 3324 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs J:\WINDOWS\system32\drivers\Npfs.sys
17:28:48.0296 3324 Npfs - ok
17:28:48.0375 3324 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs J:\WINDOWS\system32\drivers\Ntfs.sys
17:28:48.0390 3324 Ntfs - ok
17:28:48.0390 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp J:\WINDOWS\System32\lsass.exe
17:28:48.0390 3324 NtLmSsp - ok
17:28:48.0468 3324 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc J:\WINDOWS\system32\ntmssvc.dll
17:28:48.0468 3324 NtmsSvc - ok
17:28:48.0500 3324 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null J:\WINDOWS\system32\drivers\Null.sys
17:28:48.0500 3324 Null - ok
17:28:48.0828 3324 [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] nv J:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:28:49.0125 3324 nv - ok
17:28:49.0156 3324 [ 971B4344ABA9B79ED0E9D0BB2A5283C1 ] NVSvc J:\WINDOWS\system32\nvsvc32.exe
17:28:49.0187 3324 NVSvc - ok
17:28:49.0296 3324 [ 4CDE6D8E0A07DCE9E568F58A5DC8086C ] nvUpdatusService J:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:28:49.0437 3324 nvUpdatusService - ok
17:28:49.0468 3324 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt J:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:28:49.0484 3324 NwlnkFlt - ok
17:28:49.0500 3324 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd J:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:28:49.0500 3324 NwlnkFwd - ok
17:28:49.0640 3324 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv J:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:28:49.0671 3324 odserv - ok
17:28:49.0687 3324 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 J:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:28:49.0687 3324 ohci1394 - ok
17:28:49.0734 3324 [ 5A432A042DAE460ABE7199B758E8606C ] ose J:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:28:49.0734 3324 ose - ok
17:28:49.0750 3324 [ E852A590216F0DA2B94DF5A937585554 ] ossrv J:\WINDOWS\system32\drivers\ctoss2k.sys
17:28:49.0750 3324 ossrv - ok
17:28:49.0812 3324 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport J:\WINDOWS\system32\DRIVERS\parport.sys
17:28:49.0812 3324 Parport - ok
17:28:49.0828 3324 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr J:\WINDOWS\system32\drivers\PartMgr.sys
17:28:49.0828 3324 PartMgr - ok
17:28:49.0875 3324 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm J:\WINDOWS\system32\drivers\ParVdm.sys
17:28:49.0890 3324 ParVdm - ok
17:28:49.0890 3324 [ A219903CCF74233761D92BEF471A07B1 ] PCI J:\WINDOWS\system32\DRIVERS\pci.sys
17:28:49.0890 3324 PCI - ok
17:28:49.0906 3324 PCIDump - ok
17:28:49.0906 3324 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde J:\WINDOWS\system32\DRIVERS\pciide.sys
17:28:49.0921 3324 PCIIde - ok
17:28:49.0968 3324 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia J:\WINDOWS\system32\drivers\Pcmcia.sys
17:28:49.0968 3324 Pcmcia - ok
17:28:49.0984 3324 PDCOMP - ok
17:28:50.0000 3324 PDFRAME - ok
17:28:50.0000 3324 PDRELI - ok
17:28:50.0015 3324 PDRFRAME - ok
17:28:50.0015 3324 perc2 - ok
17:28:50.0031 3324 perc2hib - ok
17:28:50.0062 3324 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay J:\WINDOWS\system32\services.exe
17:28:50.0062 3324 PlugPlay - ok
17:28:50.0078 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent J:\WINDOWS\system32\lsass.exe
17:28:50.0078 3324 PolicyAgent - ok
17:28:50.0125 3324 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport J:\WINDOWS\system32\DRIVERS\raspptp.sys
17:28:50.0125 3324 PptpMiniport - ok
17:28:50.0140 3324 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor J:\WINDOWS\system32\DRIVERS\processr.sys
17:28:50.0140 3324 Processor - ok
17:28:50.0156 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage J:\WINDOWS\system32\lsass.exe
17:28:50.0156 3324 ProtectedStorage - ok
17:28:50.0171 3324 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched J:\WINDOWS\system32\DRIVERS\psched.sys
17:28:50.0171 3324 PSched - ok
17:28:50.0218 3324 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink J:\WINDOWS\system32\DRIVERS\ptilink.sys
17:28:50.0234 3324 Ptilink - ok
17:28:50.0250 3324 [ FAA729E2E2FD3AFB8DF7A45DE8769CC3 ] PxHelp20 J:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:28:50.0265 3324 PxHelp20 - ok
17:28:50.0265 3324 ql1080 - ok
17:28:50.0281 3324 Ql10wnt - ok
17:28:50.0281 3324 ql12160 - ok
17:28:50.0296 3324 ql1240 - ok
17:28:50.0296 3324 ql1280 - ok
17:28:50.0312 3324 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd J:\WINDOWS\system32\DRIVERS\rasacd.sys
17:28:50.0328 3324 RasAcd - ok
17:28:50.0343 3324 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto J:\WINDOWS\System32\rasauto.dll
17:28:50.0343 3324 RasAuto - ok
17:28:50.0375 3324 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp J:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:28:50.0406 3324 Rasl2tp - ok
17:28:50.0484 3324 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan J:\WINDOWS\System32\rasmans.dll
17:28:50.0484 3324 RasMan - ok
17:28:50.0515 3324 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe J:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:28:50.0515 3324 RasPppoe - ok
17:28:50.0546 3324 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti J:\WINDOWS\system32\DRIVERS\raspti.sys
17:28:50.0546 3324 Raspti - ok
17:28:50.0593 3324 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss J:\WINDOWS\system32\DRIVERS\rdbss.sys
17:28:50.0625 3324 Rdbss - ok
17:28:50.0656 3324 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD J:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:28:50.0656 3324 RDPCDD - ok
17:28:50.0671 3324 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr J:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:28:50.0687 3324 rdpdr - ok
17:28:50.0718 3324 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD J:\WINDOWS\system32\drivers\RDPWD.sys
17:28:50.0718 3324 RDPWD - ok
17:28:50.0750 3324 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr J:\WINDOWS\system32\sessmgr.exe
17:28:50.0750 3324 RDSessMgr - ok
17:28:50.0781 3324 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook J:\WINDOWS\system32\DRIVERS\redbook.sys
17:28:50.0796 3324 redbook - ok
17:28:50.0843 3324 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess J:\WINDOWS\System32\mprdim.dll
17:28:50.0843 3324 RemoteAccess - ok
17:28:50.0890 3324 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry J:\WINDOWS\system32\regsvc.dll
17:28:50.0890 3324 RemoteRegistry - ok
17:28:50.0921 3324 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator J:\WINDOWS\System32\locator.exe
17:28:50.0921 3324 RpcLocator - ok
17:28:50.0953 3324 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs J:\WINDOWS\System32\rpcss.dll
17:28:50.0953 3324 RpcSs - ok
17:28:51.0015 3324 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP J:\WINDOWS\System32\rsvp.exe
17:28:51.0031 3324 RSVP - ok
17:28:51.0031 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs J:\WINDOWS\system32\lsass.exe
17:28:51.0031 3324 SamSs - ok
17:28:51.0062 3324 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr J:\WINDOWS\System32\SCardSvr.exe
17:28:51.0062 3324 SCardSvr - ok
17:28:51.0093 3324 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule J:\WINDOWS\system32\schedsvc.dll
17:28:51.0109 3324 Schedule - ok
17:28:51.0156 3324 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv J:\WINDOWS\system32\DRIVERS\secdrv.sys
17:28:51.0156 3324 Secdrv - ok
17:28:51.0171 3324 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon J:\WINDOWS\System32\seclogon.dll
17:28:51.0171 3324 seclogon - ok
17:28:51.0187 3324 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS J:\WINDOWS\system32\sens.dll
17:28:51.0203 3324 SENS - ok
17:28:51.0218 3324 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum J:\WINDOWS\system32\DRIVERS\serenum.sys
17:28:51.0218 3324 serenum - ok
17:28:51.0218 3324 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial J:\WINDOWS\system32\DRIVERS\serial.sys
17:28:51.0234 3324 Serial - ok
17:28:51.0265 3324 [ 00DE597B81B381053CB5B21A7F20E365 ] sfdrv01 J:\WINDOWS\system32\drivers\sfdrv01.sys
17:28:51.0265 3324 sfdrv01 - ok
17:28:51.0281 3324 [ 64B9AB76F1B16EB059CB6CDD906C067A ] sfhlp02 J:\WINDOWS\system32\drivers\sfhlp02.sys
17:28:51.0281 3324 sfhlp02 - ok
17:28:51.0312 3324 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy J:\WINDOWS\system32\drivers\Sfloppy.sys
17:28:51.0312 3324 Sfloppy - ok
17:28:51.0328 3324 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 J:\WINDOWS\system32\drivers\sfsync02.sys
17:28:51.0328 3324 sfsync02 - ok
17:28:51.0359 3324 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess J:\WINDOWS\System32\ipnathlp.dll
17:28:51.0359 3324 SharedAccess - ok
17:28:51.0390 3324 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection J:\WINDOWS\System32\shsvcs.dll
17:28:51.0390 3324 ShellHWDetection - ok
17:28:51.0406 3324 Simbad - ok
17:28:51.0421 3324 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver J:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
17:28:51.0437 3324 SmartDefragDriver - ok
17:28:51.0437 3324 Sparrow - ok
17:28:51.0468 3324 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter J:\WINDOWS\system32\drivers\splitter.sys
17:28:51.0468 3324 splitter - ok
17:28:51.0500 3324 [ 60784F891563FB1B767F70117FC2428F ] Spooler J:\WINDOWS\system32\spoolsv.exe
17:28:51.0500 3324 Spooler - ok
17:28:51.0515 3324 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr J:\WINDOWS\system32\DRIVERS\sr.sys
17:28:51.0515 3324 sr - ok
17:28:51.0531 3324 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice J:\WINDOWS\system32\srsvc.dll
17:28:51.0546 3324 srservice - ok
17:28:51.0609 3324 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP J:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS
17:28:51.0687 3324 SRTSP - ok
17:28:51.0703 3324 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX J:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS
17:28:51.0703 3324 SRTSPX - ok
17:28:51.0718 3324 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv J:\WINDOWS\system32\DRIVERS\srv.sys
17:28:51.0734 3324 Srv - ok
17:28:51.0765 3324 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus J:\WINDOWS\system32\DRIVERS\sscebus.sys
17:28:51.0765 3324 sscebus - ok
17:28:51.0781 3324 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl J:\WINDOWS\system32\DRIVERS\sscemdfl.sys
17:28:51.0781 3324 sscemdfl - ok
17:28:51.0812 3324 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm J:\WINDOWS\system32\DRIVERS\sscemdm.sys
17:28:51.0812 3324 sscemdm - ok
17:28:51.0828 3324 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV J:\WINDOWS\System32\ssdpsrv.dll
17:28:51.0843 3324 SSDPSRV - ok
17:28:51.0843 3324 SSPORT - ok
17:28:51.0875 3324 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc J:\WINDOWS\system32\wiaservc.dll
17:28:51.0875 3324 stisvc - ok
17:28:51.0937 3324 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum J:\WINDOWS\system32\DRIVERS\swenum.sys
17:28:51.0937 3324 swenum - ok
17:28:51.0953 3324 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi J:\WINDOWS\system32\drivers\swmidi.sys
17:28:51.0953 3324 swmidi - ok
17:28:51.0968 3324 SwPrv - ok
17:28:51.0984 3324 symc810 - ok
17:28:51.0984 3324 symc8xx - ok
17:28:52.0031 3324 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS J:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS
17:28:52.0046 3324 SymDS - ok
17:28:52.0078 3324 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA J:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS
17:28:52.0093 3324 SymEFA - ok
17:28:52.0140 3324 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent J:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:28:52.0171 3324 SymEvent - ok
17:28:52.0187 3324 SYMFW - ok
17:28:52.0187 3324 SYMIDS - ok
17:28:52.0218 3324 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON J:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS
17:28:52.0218 3324 SymIRON - ok
17:28:52.0234 3324 SYMNDIS - ok
17:28:52.0265 3324 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI J:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS
17:28:52.0265 3324 SYMTDI - ok
17:28:52.0281 3324 sym_hi - ok
17:28:52.0281 3324 sym_u3 - ok
17:28:52.0312 3324 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio J:\WINDOWS\system32\drivers\sysaudio.sys
17:28:52.0312 3324 sysaudio - ok
17:28:52.0328 3324 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog J:\WINDOWS\system32\smlogsvc.exe
17:28:52.0343 3324 SysmonLog - ok
17:28:52.0359 3324 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv J:\WINDOWS\System32\tapisrv.dll
17:28:52.0421 3324 TapiSrv - ok
17:28:52.0468 3324 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip J:\WINDOWS\system32\DRIVERS\tcpip.sys
17:28:52.0484 3324 Tcpip - ok
17:28:52.0531 3324 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE J:\WINDOWS\system32\drivers\TDPIPE.sys
17:28:52.0531 3324 TDPIPE - ok
17:28:52.0546 3324 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP J:\WINDOWS\system32\drivers\TDTCP.sys
17:28:52.0546 3324 TDTCP - ok
17:28:52.0593 3324 [ 88155247177638048422893737429D9E ] TermDD J:\WINDOWS\system32\DRIVERS\termdd.sys
17:28:52.0593 3324 TermDD - ok
17:28:52.0640 3324 [ FF3477C03BE7201C294C35F684B3479F ] TermService J:\WINDOWS\System32\termsrv.dll
17:28:52.0640 3324 TermService - ok
17:28:52.0656 3324 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes J:\WINDOWS\System32\shsvcs.dll
17:28:52.0656 3324 Themes - ok
17:28:52.0703 3324 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr J:\WINDOWS\System32\tlntsvr.exe
17:28:52.0718 3324 TlntSvr - ok
17:28:52.0718 3324 TosIde - ok
17:28:52.0734 3324 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks J:\WINDOWS\system32\trkwks.dll
17:28:52.0750 3324 TrkWks - ok
17:28:52.0765 3324 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs J:\WINDOWS\system32\drivers\Udfs.sys
17:28:52.0765 3324 Udfs - ok
17:28:52.0781 3324 ultra - ok
17:28:52.0812 3324 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update J:\WINDOWS\system32\DRIVERS\update.sys
17:28:52.0828 3324 Update - ok
17:28:52.0843 3324 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost J:\WINDOWS\System32\upnphost.dll
17:28:52.0859 3324 upnphost - ok
17:28:52.0859 3324 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS J:\WINDOWS\System32\ups.exe
17:28:52.0875 3324 UPS - ok
17:28:52.0921 3324 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp J:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:28:52.0921 3324 usbccgp - ok
17:28:52.0937 3324 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci J:\WINDOWS\system32\DRIVERS\usbehci.sys
17:28:52.0937 3324 usbehci - ok
17:28:53.0000 3324 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub J:\WINDOWS\system32\DRIVERS\usbhub.sys
17:28:53.0000 3324 usbhub - ok
17:28:53.0015 3324 [ A717C8721046828520C9EDF31288FC00 ] usbprint J:\WINDOWS\system32\DRIVERS\usbprint.sys
17:28:53.0031 3324 usbprint - ok
17:28:53.0062 3324 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan J:\WINDOWS\system32\DRIVERS\usbscan.sys
17:28:53.0078 3324 usbscan - ok
17:28:53.0125 3324 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor J:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:28:53.0125 3324 usbstor - ok
17:28:53.0140 3324 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci J:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:28:53.0156 3324 usbuhci - ok
17:28:53.0187 3324 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave J:\WINDOWS\System32\drivers\vga.sys
17:28:53.0187 3324 VgaSave - ok
17:28:53.0203 3324 ViaIde - ok
17:28:53.0218 3324 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap J:\WINDOWS\system32\drivers\VolSnap.sys
17:28:53.0218 3324 VolSnap - ok
17:28:53.0281 3324 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS J:\WINDOWS\System32\vssvc.exe
17:28:53.0296 3324 VSS - ok
17:28:53.0328 3324 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time J:\WINDOWS\system32\w32time.dll
17:28:53.0328 3324 W32Time - ok
17:28:53.0375 3324 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp J:\WINDOWS\system32\DRIVERS\wanarp.sys
17:28:53.0406 3324 Wanarp - ok
17:28:53.0421 3324 WDICA - ok
17:28:53.0453 3324 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud J:\WINDOWS\system32\drivers\wdmaud.sys
17:28:53.0453 3324 wdmaud - ok
17:28:53.0484 3324 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient J:\WINDOWS\System32\webclnt.dll
17:28:53.0500 3324 WebClient - ok
17:28:53.0593 3324 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt J:\WINDOWS\system32\wbem\WMIsvc.dll
17:28:53.0593 3324 winmgmt - ok
17:28:53.0656 3324 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN J:\WINDOWS\system32\MsPMSNSv.dll
17:28:53.0656 3324 WmdmPmSN - ok
17:28:53.0703 3324 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi J:\WINDOWS\System32\advapi32.dll
17:28:53.0718 3324 Wmi - ok
17:28:53.0750 3324 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv J:\WINDOWS\System32\wbem\wmiapsrv.exe
17:28:53.0750 3324 WmiApSrv - ok
17:28:53.0875 3324 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc J:\Program Files\Windows Media Player\WMPNetwk.exe
17:28:53.0906 3324 WMPNetworkSvc - ok
17:28:53.0968 3324 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:28:54.0000 3324 WPFFontCache_v0400 - ok
17:28:54.0046 3324 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL J:\WINDOWS\System32\drivers\ws2ifsl.sys
17:28:54.0062 3324 WS2IFSL - ok
17:28:54.0093 3324 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc J:\WINDOWS\system32\wscsvc.dll
17:28:54.0109 3324 wscsvc - ok
17:28:54.0140 3324 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv J:\WINDOWS\system32\wuauserv.dll
17:28:54.0140 3324 wuauserv - ok
17:28:54.0171 3324 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf J:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:28:54.0171 3324 WudfPf - ok
17:28:54.0203 3324 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd J:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:28:54.0203 3324 WudfRd - ok
17:28:54.0218 3324 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc J:\WINDOWS\System32\WUDFSvc.dll
17:28:54.0218 3324 WudfSvc - ok
17:28:54.0250 3324 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC J:\WINDOWS\System32\wzcsvc.dll
17:28:54.0265 3324 WZCSVC - ok
17:28:54.0328 3324 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov J:\WINDOWS\System32\xmlprov.dll
17:28:54.0328 3324 xmlprov - ok
17:28:54.0343 3324 ================ Scan global ===============================
17:28:54.0375 3324 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] J:\WINDOWS\system32\basesrv.dll
17:28:54.0468 3324 [ 8C7DCA4B158BF16894120786A7A5F366 ] J:\WINDOWS\system32\winsrv.dll
17:28:54.0484 3324 [ 8C7DCA4B158BF16894120786A7A5F366 ] J:\WINDOWS\system32\winsrv.dll
17:28:54.0515 3324 [ 65DF52F5B8B6E9BBD183505225C37315 ] J:\WINDOWS\system32\services.exe
17:28:54.0515 3324 [Global] - ok
17:28:54.0515 3324 ================ Scan MBR ==================================
17:28:54.0531 3324 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:28:54.0546 3324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:28:54.0546 3324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:28:54.0578 3324 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:28:54.0953 3324 \Device\Harddisk1\DR1 - ok
17:28:54.0953 3324 ================ Scan VBR ==================================
17:28:54.0968 3324 [ 04CA63503D47E2FE5A8F9E87718B99DD ] \Device\Harddisk0\DR0\Partition1
17:28:54.0968 3324 \Device\Harddisk0\DR0\Partition1 - ok
17:28:54.0968 3324 [ EDC5DFF516ECCC241E9F9A05B4F23BA3 ] \Device\Harddisk1\DR1\Partition1
17:28:54.0968 3324 \Device\Harddisk1\DR1\Partition1 - ok
17:28:54.0968 3324 ============================================================
17:28:54.0968 3324 Scan finished
17:28:54.0968 3324 ============================================================
17:28:54.0984 1888 Detected object count: 1
17:28:54.0984 1888 Actual detected object count: 1
17:29:15.0046 1888 \Device\Harddisk0\DR0\# - copied to quarantine
17:29:15.0046 1888 \Device\Harddisk0\DR0 - copied to quarantine
17:29:15.0093 1888 \Device\Harddisk0\DR0 - processing error
17:29:20.0312 1888 \Device\Harddisk0\DR0 - will be restored on reboot
17:29:21.0375 1888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
17:29:35.0921 3544 Deinitialize success
  • 0
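Added example, not part of the original thread and not TDSSKiller's own code: a small Python parser for the log format posted above. It pulls each scanned object's MD5 and path out of the `[ MD5 ] name path` lines, pairs the `name - verdict` lines with them, lists the detections, and groups objects that share a hash. `SAMPLE_LOG` is a subset of lines copied from the log above; the known-good hash set used in the usage at the bottom is a constructed placeholder, not a real allowlist.

```python
"""Parse a Kaspersky TDSSKiller scan log (format as posted above) and extract what a
responder wants from it: each scanned object's MD5 and path, the detections, and
objects that share one hash.  Added example; not TDSSKiller's own code."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts "HH:MM:SS.mmmm <thread-id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# Object line: "[ MD5 ] <name> <path>".  The name may contain spaces ("Microsoft Office
# Groove Audit Service"), so the path is anchored on a drive letter or an NT device name
# rather than on whitespace.  MBR/VBR/global entries carry a path and no name.
_OBJECT_RE = re.compile(_PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?((?:[A-Za-z]:\\|\\Device\\).*)$")
# Verdict line: "<target>[ ( <threat> )] - <verdict>".
_VERDICT_RE = re.compile(_PREFIX + r"(.+?)(?: \( (.+?) \))? - (.+)$")
_DETECTED_RE = re.compile(r"^detected (\S+)")


@dataclass
class ScannedObject:
    name: str   # service/driver name, or the path itself for nameless (MBR, VBR, global) entries
    md5: str
    path: str


@dataclass
class Verdict:
    target: str
    threat: Optional[str]
    verdict: str


@dataclass
class Report:
    objects: List[ScannedObject] = field(default_factory=list)
    verdicts: List[Verdict] = field(default_factory=list)

    def md5(self, name: str) -> Optional[str]:
        for o in self.objects:
            if o.name == name:
                return o.md5
        return None


def parse_tdsskiller(text: str) -> Report:
    report = Report()
    for line in text.splitlines():
        line = line.strip()
        m = _OBJECT_RE.match(line)
        if m:
            md5, name, path = m.group(1).upper(), m.group(2), m.group(3)
            report.objects.append(ScannedObject(name or path, md5, path))
            continue
        m = _VERDICT_RE.match(line)
        if m:  # section banners, "Scan finished", counts etc. match neither regex
            report.verdicts.append(Verdict(m.group(1), m.group(2), m.group(3)))
    return report


def detections(report: Report) -> List[Tuple[str, str]]:
    """Targets reported as 'infected' or 'detected <threat>', one entry per target.
    Remediation lines ('copied to quarantine', 'User select action: ...') are not detections."""
    found: Dict[str, str] = {}
    for v in report.verdicts:
        threat = v.threat
        d = _DETECTED_RE.match(v.verdict)
        if d:
            threat = d.group(1)
        elif v.verdict != "infected":
            continue
        found.setdefault(v.target, threat)
    return list(found.items())


def shared_hashes(report: Report) -> Dict[str, List[str]]:
    """Group objects by MD5: shows one image registered under several service names
    (lsass.exe behind Netlogon and NtLmSsp) and, in this log, the same MBR hash on both disks."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for o in report.objects:
        groups[o.md5].append(o.name)
    return {h: names for h, names in groups.items() if len(names) > 1}


def unknown_hashes(report: Report, known_good: set) -> List[ScannedObject]:
    """Objects whose MD5 is absent from a known-good set (e.g. hashes taken from a clean box)."""
    return [o for o in report.objects if o.md5 not in known_good]


# Constructed sample: a subset of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
17:28:43.0906 3324 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk J:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:28:43.0906 3324 Ftdisk - ok
17:28:46.0562 3324 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service J:\Microsoft Office\Office12\GrooveAuditService.exe
17:28:46.0562 3324 Microsoft Office Groove Audit Service - ok
17:28:48.0125 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon J:\WINDOWS\system32\lsass.exe
17:28:48.0125 3324 Netlogon - ok
17:28:48.0390 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp J:\WINDOWS\System32\lsass.exe
17:28:48.0390 3324 NtLmSsp - ok
17:28:49.0906 3324 PCIDump - ok
17:28:54.0343 3324 ================ Scan global ===============================
17:28:54.0375 3324 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] J:\WINDOWS\system32\basesrv.dll
17:28:54.0515 3324 [Global] - ok
17:28:54.0515 3324 ================ Scan MBR ==================================
17:28:54.0531 3324 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:28:54.0546 3324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:28:54.0546 3324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:28:54.0578 3324 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:28:54.0953 3324 \Device\Harddisk1\DR1 - ok
17:28:54.0968 3324 ================ Scan VBR ==================================
17:28:54.0968 3324 [ 04CA63503D47E2FE5A8F9E87718B99DD ] \Device\Harddisk0\DR0\Partition1
17:28:54.0968 3324 \Device\Harddisk0\DR0\Partition1 - ok
17:28:54.0968 3324 Scan finished
17:29:15.0046 1888 \Device\Harddisk0\DR0 - copied to quarantine
17:29:21.0375 1888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
"""

if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    for target, threat in detections(r):
        print(f"{target}: {threat} (md5 {r.md5(target)})")
    for h, names in shared_hashes(r).items():
        print(h, "shared by", names)
    placeholder_known_good = {"6AC26732762483366C3969C9E4D2259D"}  # constructed, not a real allowlist
    print(len(unknown_hashes(r, placeholder_known_good)), "objects not in the known-good set")
```

Run it against a full TDSSKiller log file (`parse_tdsskiller(open(path).read())`) to get the same summary for a whole scan. One thing the shared-hash view makes obvious in the posted log: both disks' MBR entries carry the same MD5, yet only Harddisk0 is flagged, so the verdict does not rest on that hash alone; a fresh log after each cure is the only way to tell whether the infection actually went away.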

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#19
Rtermite

    Member

  • Topic Starter
  • Member
  • 16 posts
I had to run CFScript into Combofix under safe mode again to get it to run.

Here's ComboFix.txt;

ComboFix 12-11-12.03 - Robert Hotte 11/12/2012 20:20:51.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1654 [GMT -5:00]
Running from: j:\documents and settings\Robert Hotte\Desktop\ComboFix.exe
Command switches used :: j:\documents and settings\Robert Hotte\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-12 21:11 . 2012-11-12 21:11 -------- d-----w- J:\TDSSKiller_Quarantine
2012-11-08 22:48 . 2012-11-08 22:48 -------- d-----w- j:\documents and settings\LocalService\Application Data\Malwarebytes
2012-11-07 01:36 . 2012-11-07 01:36 -------- d-----w- j:\documents and settings\Robert Hotte\Application Data\Tific
2012-11-03 19:28 . 2012-11-03 23:23 -------- d-----w- j:\documents and settings\Robert Hotte\Application Data\System
2012-10-20 20:09 . 2012-10-20 20:09 -------- d-----w- J:\VLC
2012-10-18 00:45 . 2012-05-08 22:35 29528 ----a-w- j:\windows\system32\SmartDefragBootTime.exe
2012-10-18 00:44 . 2010-11-26 22:02 14776 ----a-w- j:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 23:54 . 2009-04-18 01:37 22856 ----a-w- j:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2002-08-29 12:00 916992 ----a-w- j:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-08-29 12:00 43520 ----a-w- j:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-08-29 12:00 1469440 ------w- j:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2009-04-18 01:31 385024 ----a-w- j:\windows\system32\html.iec
2012-08-26 12:56 . 2012-08-26 12:56 121248 ----a-w- j:\windows\system32\drivers\AnyDVD.sys
2012-08-24 13:53 . 2002-08-29 12:00 177664 ----a-w- j:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2002-08-29 12:00 2148864 ----a-w- j:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- j:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="j:\samsung new pc studio\NPSAgent.exe" [2010-07-04 95576]
"AnyDVD"="j:\anydvd\AnyDVDtray.exe" [2012-08-29 6315680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
"GrooveMonitor"="j:\microsoft office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IntelliType"="j:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"Samsung PanelMgr"="j:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-19 536576]
"StorageGuard"="j:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"CloneCDTray"="j:\clonecd\CloneCDTray.exe" [2009-01-29 57344]
"NvCplDaemon"="j:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
"nwiz"="j:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
"SunJavaUpdateSched"="j:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="j:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="j:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="j:\quicktime\qttask.exe" [2012-04-19 421888]
.
j:\documents and settings\Robert Hotte\Start Menu\Programs\Startup\
WKCALREM.LNK - j:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-7-10 24651]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"j:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"j:\\Microsoft Office\\Office12\\GROOVE.EXE"=
"j:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"j:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"j:\\samsung new pc studio\\npsasvr.exe"=
"j:\\samsung new pc studio\\npsvsvr.exe"=
"j:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"j:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;j:\windows\system32\drivers\SmartDefragDriver.sys [10/17/2012 7:44 PM 14776]
R0 SymDS;Symantec Data Store;j:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 4:59 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;j:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 4:59 PM 744568]
S1 BHDrvx86;BHDrvx86;j:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys [11/5/2012 12:20 PM 995488]
S1 SymIRON;Symantec Iron Driver;j:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 4:59 PM 136312]
S2 FsUsbExService;FsUsbExService;j:\windows\system32\FsUsbExService.Exe [8/13/2010 2:37 PM 238952]
S2 MBAMScheduler;MBAMScheduler;j:\malwarebytes' anti-malware\mbamscheduler.exe [10/31/2012 5:35 PM 399432]
S2 MBAMService;MBAMService;j:\malwarebytes' anti-malware\mbamservice.exe [4/17/2009 8:37 PM 676936]
S2 N360;Norton Security Suite;j:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 4:59 PM 130008]
S2 SSPORT;SSPORT;\??\j:\windows\system32\Drivers\SSPORT.sys --> j:\windows\system32\Drivers\SSPORT.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;j:\windows\system32\drivers\COMMONFX.sys [3/4/2009 1:42 PM 99352]
S3 COMMONFX;COMMONFX;j:\windows\system32\drivers\COMMONFX.sys [3/4/2009 1:42 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;j:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/17/2009 10:23 PM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;j:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 1:42 PM 555032]
S3 CTAUDFX;CTAUDFX;j:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 1:42 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;j:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 1:42 PM 100888]
S3 CTERFXFX;CTERFXFX;j:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 1:42 PM 100888]
S3 ctgame;Game Port;j:\windows\system32\drivers\ctgame.sys [3/4/2009 1:45 PM 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;j:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 1:42 PM 566296]
S3 CTSBLFX;CTSBLFX;j:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 1:42 PM 566296]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;j:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 2:57 PM 106656]
S3 FsUsbExDisk;FsUsbExDisk;j:\windows\system32\FsUsbExDisk.Sys [8/13/2010 2:37 PM 36608]
S3 IDSxpx86;IDSxpx86;j:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSXpx86.sys [11/9/2012 5:28 PM 373728]
S3 MBAMProtector;MBAMProtector;j:\windows\system32\drivers\mbam.sys [4/17/2009 8:37 PM 22856]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);j:\windows\system32\drivers\sscebus.sys [8/13/2010 2:38 PM 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;j:\windows\system32\drivers\sscemdfl.sys [8/13/2010 2:38 PM 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;j:\windows\system32\drivers\sscemdm.sys [8/13/2010 2:38 PM 123648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 j:\windows\Tasks\SmartDefragUpdate.job
- j:\smart defrag 2\AutoUpdate.exe [2012-10-18 15:06]
.
2012-11-13 j:\windows\Tasks\SmartDefrag_Startup.job
- j:\smart defrag 2\SmartDefrag.exe [2012-06-28 15:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://registration.excite.com/excitereg/login.jsp
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - j:\micros~1\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://j:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://j:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-12 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"j:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"j:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-1682526488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1188)
j:\windows\system32\WININET.dll
j:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
j:\windows\system32\ieframe.dll
.
Completion time: 2012-11-12 20:35:35
ComboFix-quarantined-files.txt 2012-11-13 01:35
ComboFix2.txt 2012-11-12 20:22
.
Pre-Run: 153,954,516,992 bytes free
Post-Run: 153,938,628,608 bytes free
.
- - End Of File - - EAB2D7614DED5C17C3071DDF8011D31A
  • 0
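The ComboFix report above is read by hand: the helper scans the Run-key values under "Reg Loading Points" and the R0/S1/S2/S3 service lines for anything that does not belong. As an added example (not part of this thread, and not ComboFix's or the helper's own code), here is a small Python parser that pulls those autostart entries out of a report in this format and attaches review flags for three things the report itself hints at: a Run value recorded as a bare file name with no directory (the log shows "CTHelper"="CTHELPER.EXE", and catchme lists the same entry with a trailing "?"), a service whose file ComboFix could only report as [?] (the SSPORT line), and an autostart living under a user profile path. The sample log is constructed from lines in the thread's format with one path shortened; the names `parse_combofix`, `triage` and `AutostartEntry` are my own, and the flags are prompts for a reviewer, not verdicts, since all three conditions also occur for legitimate software.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the ComboFix "Reg Loading Points" / service-line format seen in this
# thread. It is not a complete log; the BHDrvx86 path is shortened for the example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="j:\samsung new pc studio\NPSAgent.exe" [2010-07-04 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
"NvCplDaemon"="j:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
.
R0 SmartDefragDriver;SmartDefragDriver;j:\windows\system32\drivers\SmartDefragDriver.sys [10/17/2012 7:44 PM 14776]
S2 SSPORT;SSPORT;\??\j:\windows\system32\Drivers\SSPORT.sys --> j:\windows\system32\Drivers\SSPORT.sys [?]
S1 BHDrvx86;BHDrvx86;j:\documents and settings\All Users\Application Data\Norton\BHDrvx86.sys [11/5/2012 12:20 PM 995488]
"""


@dataclass
class AutostartEntry:
    kind: str            # "run" (a Run-key value) or "service" (an R*/S* line)
    name: str            # value name or service name
    path: str            # image path as ComboFix recorded it
    detail: str          # bracketed text: timestamp and size, or "?" when ComboFix could not read the file
    source: str          # registry key for Run values; start-type prefix (R0, S2, ...) for services
    flags: List[str] = field(default_factory=list)


KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")

USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")


def parse_combofix(text: str) -> List[AutostartEntry]:
    """Collect Run-key values and service lines from a ComboFix-style report."""
    entries: List[AutostartEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            entries.append(AutostartEntry("run", m.group(1), m.group(2), m.group(3), current_key))
            continue
        m = SVC_RE.match(line)
        if m:
            path = m.group(4)
            # ComboFix writes "<registry image path> --> <resolved path>" when the two differ;
            # keep the resolved, on-disk form for the checks below.
            if "-->" in path:
                path = path.split("-->", 1)[1].strip()
            entries.append(AutostartEntry("service", m.group(2), path, m.group(5), m.group(1)))
    return entries


def triage(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Attach review flags and return only the entries that received one."""
    flagged: List[AutostartEntry] = []
    for e in entries:
        flags: List[str] = []
        low = e.path.lower()
        if e.kind == "run" and "\\" not in e.path:
            # No directory recorded: the loader locates the file by its search order,
            # so the log alone does not say which copy actually runs.
            flags.append("bare-filename")
        if any(marker in low for marker in USER_PROFILE_MARKERS):
            flags.append("user-profile-path")
        if e.detail.strip() == "?":
            # ComboFix shows [?] instead of a timestamp and size when it could not read the file.
            flags.append("file-not-found")
        e.flags = flags          # recomputed each call, so triage() is safe to run twice
        if flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{e.source:<55} {e.name:<20} {', '.join(e.flags):<20} {e.path}")
```

Run against the sample, the script reports CTHelper (bare-filename), SSPORT (file-not-found) and BHDrvx86 (user-profile-path) and stays quiet about the entries with full system paths. Feed it a saved ComboFix.txt to get the same shortlist for a real log; each flagged line still needs the reviewer to confirm the file against the vendor (here, the BHDrvx86 driver is a Norton definitions component that legitimately lives under All Users\Application Data).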

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Rtermite


I would like to know how the computer is doing now?



extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#21
Rtermite

    Member

  • Topic Starter
  • Member
  • 16 posts
Seems a bit better, last time Malwarebytes quarantined trojan.agent was 1:28 pm today and found it in Garmin nakuey.dll
Also Malwarebytes quarantined Exploit.Drop.9 at 6:28 pm today, but that was in the temp directory while I was online so that might have been a new attack.

Add-Remove Programs.txt;

7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2)
Any Video Converter 2.7.5
AnyDVD
Apple Application Support
Apple Software Update
Audacity 1.2.6
BurnAware Free 5.0.1
Call of Duty® 4 - Modern Warfare™
Canon Camera WIA Driver
Canon EOS 20D WIA Driver
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
CloneCD
CloneDVD2
Corel WordPerfect Suite 8
Creative Audio Console
Crystal Reports Basic Runtime for Visual Studio 2008
ELCSoft
EOS Capture 1.2
EOS Viewer Utility 1.2.1
FastStone Image Viewer 4.6
Garmin BaseCamp
Garmin City Navigator North America NT 2010.40
Garmin City Navigator NorthAmerica NT 2013.30 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Innova OBD PC-Link
Intel® PRO Network Adapters and Drivers
Java Auto Updater
Java™ 6 Update 31
Lernout & Hauspie TruVoice American English TTS Engine
Logitech MouseWare 9.79
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 2.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Norton Security Suite
NVIDIA Control Panel 295.73
NVIDIA Graphics Driver 295.73
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA Update 1.7.11
NVIDIA Update Components
OBD-PC Link
OGA Notifier 2.0.0048.0
PhotoStitch
QuickTime
Ricochet Xtreme
Samsung ML-2850 Series
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sid Meier's Pirates!
Silent Hunter III
Smart Defrag 2
SSA Benefit Calculator
The Keyed CD Edition of The LogixPro Simulator
Ulead CD & DVD PictureShow 4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 CARD READER Icons and Drivers
VERITAS RecordNow DX
VERITAS RecordNow DX Update Manager
VLC media player 2.0.3
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Works Suite OS Pack
XML Paper Specification Shared Components Pack 1.0
  • 0

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#23
Rtermite

    Member

  • Topic Starter
  • Member
  • 16 posts
Computer status seems to have changed for the better after running these items. The first time I logged on here to the forums it was taking forever to load pages and finally asked if I wanted to stop a script from running (I was seeing ads in messages). This time pages loaded quickly without ads.

Removed Java 6 update with add/remove, as Revo Uninstaller Free linked to a 30-day trial of Revo Uninstaller Pro; it might have gone to freeware after the trial but I wasn't sure, so I did it the easy way. The rest ran great and here are the logs

Mbam-log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robert Hotte :: BOBSCOMPUTER [administrator]

Protection: Enabled

11/13/2012 9:48:52 AM
mbam-log-2012-11-13 (09-48-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 261220
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


hijackthis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:01 AM, on 11/13/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Creative\Shared Files\CTAudSvc.exe
J:\WINDOWS\system32\FsUsbExService.Exe
J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
J:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\Smart Defrag 2\SmartDefrag.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\CTHELPER.EXE
J:\Microsoft Office\Office12\GrooveMonitor.exe
J:\Program Files\Microsoft Hardware\Keyboard\type32.exe
J:\Logitech\MouseWare\system\em_exec.exe
J:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
J:\WINDOWS\system32\RunDLL32.exe
J:\WINDOWS\system32\rundll32.exe
J:\samsung new pc studio\NPSAgent.exe
J:\AnyDVD\AnyDVDtray.exe
J:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
J:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
J:\Malwarebytes' Anti-Malware\mbamservice.exe
J:\Malwarebytes' Anti-Malware\mbamgui.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Java\jre7\bin\jqs.exe
J:\Documents and Settings\Robert Hotte\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://registration....tereg/login.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - J:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - J:\Program Files\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "J:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliType] "J:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Samsung PanelMgr] J:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [StorageGuard] "J:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CloneCDTray] "J:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] J:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe ARM] "J:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "J:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] J:\samsung new pc studio\NPSAgent.exe
O4 - HKCU\..\Run: [AnyDVD] J:\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WKCALREM.LNK = J:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...xControl_32.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1240022564453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1243549532296
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\System32\browseui.dll
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - J:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - J:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FsUsbExService - Teruten - J:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - J:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - J:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - J:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - J:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 7614 bytes
  • 0

#24
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "J:\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [Samsung PanelMgr] J:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
      O4 - HKLM\..\Run: [StorageGuard] "J:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [CloneCDTray] "J:\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      O4 - HKLM\..\Run: [nwiz] J:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [Adobe ARM] "J:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "J:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "J:\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [AutoStartNPSAgent] J:\samsung new pc studio\NPSAgent.exe
      O4 - HKCU\..\Run: [AnyDVD] J:\AnyDVD\AnyDVDtray.exe
      O4 - Startup: WKCALREM.LNK = J:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
  • 0
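The O4 lines the helper lists above all have the same shape: the location (HKLM\..\Run, HKCU\..\Run or the Startup folder), the entry name in square brackets, and the command that runs. The following is an added example, not code from the thread or from HijackThis: a small Python parser that pulls those three parts out of each line and separates the executable from its arguments, so the "name between the brackets" can be looked up and entries that give no full path to their executable (CTHELPER.EXE, Logi_MwX.Exe and RUNDLL32.EXE here) stand out; for those, the log alone does not tell you which file on disk actually runs. The sample lines are copied from the log posted above; the function names and the executable-extension heuristic are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input: O4 lines copied from the HijackThis log posted above.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "J:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "J:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AnyDVD] J:\AnyDVD\AnyDVDtray.exe
O4 - Startup: WKCALREM.LNK = J:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
"""

# Registry entries: "O4 - <hive>\..\<key>: [<name>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<location>HK[A-Z]+\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.*)$")
# Startup-folder entries: "O4 - Startup: <shortcut> = <command>"
STARTUP_RE = re.compile(r"^O4 - (?P<location>(?:Global )?Startup): (?P<name>.+?) = (?P<command>.*)$")
# Heuristic for unquoted commands: the executable ends at the first program
# extension, anything after whitespace is arguments (my own rule, not HJT's).
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class StartupEntry:
    location: str   # e.g. HKLM\..\Run, HKCU\..\Run, Startup
    name: str       # the text between the brackets (what you paste into a lookup)
    command: str    # the raw command as logged
    exe: str        # executable part of the command
    args: str       # remaining arguments, if any
    quoted: bool    # executable was wrapped in double quotes
    absolute: bool  # executable is given with a drive path


def split_command(command: str) -> Tuple[str, str, bool]:
    """Split a Run-key command into (executable, arguments, was_quoted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip(), True
    m = EXE_RE.match(command)
    if m:
        return m.group("exe"), m.group("args") or "", False
    parts = command.split(None, 1)          # fallback: plain whitespace split
    return parts[0], (parts[1] if len(parts) > 1 else ""), False


def parse_hjt_o4(text: str) -> List[StartupEntry]:
    """Parse every O4 line in text; other lines are ignored."""
    entries: List[StartupEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        exe, args, quoted = split_command(m.group("command"))
        entries.append(StartupEntry(
            location=m.group("location"), name=m.group("name"),
            command=m.group("command"), exe=exe, args=args,
            quoted=quoted, absolute=bool(ABSOLUTE_RE.match(exe))))
    return entries


def unqualified_entries(entries: List[StartupEntry]) -> List[str]:
    """Names of entries whose executable carries no drive path. Windows must
    locate such a file through its search order, so the log line by itself
    does not identify which file runs; check these first."""
    return [e.name for e in entries if not e.absolute]


if __name__ == "__main__":
    for e in parse_hjt_o4(HJT_O4_LINES):
        flag = "" if e.absolute else "   <- no full path"
        print(f"{e.location:14} [{e.name}] {e.exe}{flag}")
```

Pasting the whole O4 section of a log into HJT_O4_LINES gives the same table for every entry; the names returned by unqualified_entries are the ones where confirming the actual file location is worth the extra minute before deciding whether to keep the entry.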

#25
Rtermite

Rtermite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry for the delay. All yesterday, when I tried to run ESET Online Scanner, it asked for proxy settings while it was trying to D/L the virus signature database. I don't use a proxy, so I was stuck at that point. Retried this morning and it ran fine.

On removing unneeded start-up processes, I just used the feature in Norton Security Suite that lets me do so; if I find later that I like them for some reason, I can just check them again and select the ones I like.

Ran Eset and it found 8 items; here's the log:

C:\bob\Software\vpholdemzip.exe probably a variant of Win32/Spy.KeyLogger.EJLZNEM trojan
C:\bob\Windowspak3\Malware\VirtumundoBeGone.exe Win32/PrcView application
J:\bob\software\vpholdemzip.exe probably a variant of Win32/Spy.KeyLogger.EJLZNEM trojan
J:\bob\software\Freeware\cnet_PCImageEdSetup_exe.exe a variant of Win32/InstallCore.D application
J:\bob\software\Freeware\cnet_pix470me_exe.exe a variant of Win32/InstallCore.D application
J:\bob\software\Freeware\defragsetup.exe a variant of Win32/ELEX application
J:\bob\software\Freeware\audacity\soundeffects_1291.exe a variant of Win32/InstallIQ application
J:\bob\Windowspak3\Malware\VirtumundoBeGone.exe Win32/PrcView application


I can delete all these files in the Bob directory, as they are files I have d/l'd and am not using at this time.
  • 0

#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\bob\Software\vpholdemzip.exe"
    del /f /s /q "C:\bob\Windowspak3\Malware\VirtumundoBeGone.exe"
    del /f /s /q "J:\bob\software\vpholdemzip.exe"
    del /f /s /q "J:\bob\software\Freeware\cnet_PCImageEdSetup_exe.exe"
    del /f /s /q "J:\bob\software\Freeware\cnet_pix470me_exe.exe"
    del /f /s /q "J:\bob\software\Freeware\defragsetup.exe"
    del /f /s /q "J:\bob\software\Freeware\audacity\soundeffects_1291.exe"
    del /f /s /q "J:\bob\Windowspak3\Malware\VirtumundoBeGone.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot] <-- XP   [screenshot] <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my own computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
  • 0
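The delfile.bat above deletes the ESET hits outright, and the same post explains that quarantine and System Restore backups are harmless until someone performs a manual restore. As an added example, not part of the thread and not code from any of the tools used in it, here is the same cleanup done the way a quarantine folder does it: each listed file is moved, not deleted, and its original path, size and SHA-256 are written to a manifest so a detection that later proves to be a false positive can be identified and put back. The manifest layout, the .quar naming, the function names and the sample files are all my own assumptions; the demo builds its files in a temporary directory and none of them is a real program.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time
from typing import Dict, List

MANIFEST_NAME = "manifest.json"  # my own choice, not a format any tool above uses


def sha256_of(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_files(paths: List[str], quarantine_dir: str) -> Dict[str, dict]:
    """Move each listed file into quarantine_dir instead of deleting it.

    Every path is recorded in the manifest with its original location, size,
    SHA-256 and stored name. A path that is not on disk is recorded as
    not_found rather than treated as an error (the batch file's "if found").
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    manifest_path = os.path.join(quarantine_dir, MANIFEST_NAME)
    manifest: Dict[str, dict] = {}
    if os.path.exists(manifest_path):
        with open(manifest_path, encoding="utf-8") as f:
            manifest = json.load(f)

    for src in paths:
        if not os.path.isfile(src):
            manifest[src] = {"status": "not_found"}
            continue
        digest = sha256_of(src)
        size = os.path.getsize(src)
        # Store the copy under its hash with a neutral extension: identical
        # files (the same vpholdemzip.exe on two drives) collapse into one
        # copy, and nothing in the quarantine folder keeps an executable name.
        dest = os.path.join(quarantine_dir, digest + ".quar")
        if os.path.exists(dest):
            os.remove(src)            # identical content is already kept
        else:
            shutil.move(src, dest)
        manifest[src] = {
            "status": "quarantined",
            "sha256": digest,
            "size": size,
            "stored_as": dest,
            "when": time.strftime("%Y-%m-%dT%H:%M:%S"),
        }

    with open(manifest_path, "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def stored_copies_exist(manifest: Dict[str, dict]) -> bool:
    """True when every quarantined entry's stored copy is on disk and its
    original path is gone."""
    return all(
        os.path.isfile(v["stored_as"]) and not os.path.exists(src)
        for src, v in manifest.items() if v["status"] == "quarantined"
    )


def demo() -> Dict[str, dict]:
    """Constructed scenario in a temp directory: two copies of one flagged
    file (like vpholdemzip.exe on C: and J: above) and one reported path that
    is not on disk. The file bodies are plain text, not real programs."""
    root = tempfile.mkdtemp(prefix="quarantine-demo-")
    copy1 = os.path.join(root, "bob", "Software", "vpholdemzip.exe")
    copy2 = os.path.join(root, "bob", "software", "Freeware", "vpholdemzip.exe")
    missing = os.path.join(root, "bob", "Windowspak3", "Malware", "VirtumundoBeGone.exe")
    for p in (copy1, copy2):
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(b"constructed sample file, not a real program\n")
    return quarantine_files([copy1, copy2, missing], os.path.join(root, "Quarantine"))


if __name__ == "__main__":
    for path, info in demo().items():
        print(f"{info['status']:12} {path}")
```

Restoring a false positive is then a matter of reading the manifest entry and moving the stored copy back to its recorded path; once the machine has been stable for a while the whole quarantine folder can be removed, exactly as the cleanup steps in this post do for the tools' own backups.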

#27
Rtermite

Rtermite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Read and did all steps, created a new restore point now that it's clean. Will drop you a line in a couple of days and let you know how things are going. Am going to look at the programs you use, as I'm only using Norton because it came free with my ISP. Am already using the trial period of the paid version of MBAM and am going to buy it as soon as the trial is over. Thanks again
  • 0

#28
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
you are more than welcome


gringo
  • 0

#29
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





