#1
Posted 30 July 2012 - 02:50 AM
my computer keeps crashing and i found a trojan with malwarebytes but can't seem to get rid off it
#2
Posted 30 July 2012 - 06:32 AM
Hello zaylol and welcome! My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
BACKDOOR WARNING
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
Step 1
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall avast! Free Antivirus and to keep Norton Internet Security only if you have a license for Norton Internet Security; if not, uninstall it and keep avast! Free Antivirus. Finally, reboot your PC.
Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip; click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Step 3
- Launch Malwarebytes' Anti-Malware
- Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
In your next reply, post the following log files:
- TDSSKiller log
- Malwarebytes' Anti-Malware log
- a new fresh DDS log file
#3
Posted 30 July 2012 - 02:14 PM
Thank you for the fast response! Here are the logs!
14:35:54.0040 1664 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:35:54.0305 1664 ============================================================
14:35:54.0305 1664 Current date / time: 2012/07/30 14:35:54.0305
14:35:54.0305 1664 SystemInfo:
14:35:54.0305 1664
14:35:54.0305 1664 OS Version: 6.1.7600 ServicePack: 0.0
14:35:54.0305 1664 Product type: Workstation
14:35:54.0305 1664 ComputerName: ALEX-PC
14:35:54.0305 1664 UserName: alex
14:35:54.0305 1664 Windows directory: C:\Windows
14:35:54.0305 1664 System windows directory: C:\Windows
14:35:54.0305 1664 Running under WOW64
14:35:54.0305 1664 Processor architecture: Intel x64
14:35:54.0305 1664 Number of processors: 2
14:35:54.0305 1664 Page size: 0x1000
14:35:54.0305 1664 Boot type: Safe boot with network
14:35:54.0305 1664 ============================================================
14:35:55.0896 1664 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
14:35:55.0912 1664 ============================================================
14:35:55.0912 1664 \Device\Harddisk0\DR0:
14:35:55.0927 1664 MBR partitions:
14:35:55.0927 1664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:35:55.0927 1664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
14:35:55.0927 1664 ============================================================
14:35:55.0974 1664 C: <-> \Device\Harddisk0\DR0\Partition1
14:35:55.0974 1664 ============================================================
14:35:55.0974 1664 Initialize success
14:35:55.0974 1664 ============================================================
14:36:35.0395 1684 ============================================================
14:36:35.0395 1684 Scan started
14:36:35.0395 1684 Mode: Manual; SigCheck; TDLFS;
14:36:35.0395 1684 ============================================================
14:36:52.0696 1684 msisadrv - ok
14:36:52.0758 1684 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:36:52.0805 1684 MSiSCSI - ok
14:36:52.0805 1684 msiserver - ok
14:36:52.0836 1684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:36:52.0883 1684 MSKSSRV - ok
14:36:52.0914 1684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:36:52.0961 1684 MSPCLOCK - ok
14:36:53.0008 1684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:36:53.0039 1684 MSPQM - ok
14:36:53.0070 1684 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:36:53.0101 1684 MsRPC - ok
14:36:53.0117 1684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:36:53.0117 1684 mssmbios - ok
14:36:53.0133 1684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:36:53.0164 1684 MSTEE - ok
14:36:53.0179 1684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:36:53.0211 1684 MTConfig - ok
14:36:53.0226 1684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:36:53.0242 1684 Mup - ok
14:36:53.0320 1684 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:36:53.0367 1684 napagent - ok
14:36:53.0429 1684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:36:53.0460 1684 NativeWifiP - ok
14:36:53.0585 1684 NAVENG - ok
14:36:53.0585 1684 NAVEX15 - ok
14:36:53.0679 1684 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:36:53.0710 1684 NDIS - ok
14:36:53.0725 1684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:36:53.0757 1684 NdisCap - ok
14:36:53.0788 1684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:36:53.0835 1684 NdisTapi - ok
14:36:53.0850 1684 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:36:53.0897 1684 Ndisuio - ok
14:36:53.0928 1684 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:36:53.0944 1684 NdisWan - ok
14:36:53.0975 1684 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:36:54.0006 1684 NDProxy - ok
14:36:54.0037 1684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:36:54.0084 1684 NetBIOS - ok
14:36:54.0100 1684 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:36:54.0147 1684 NetBT - ok
14:36:54.0193 1684 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:36:54.0193 1684 Netlogon - ok
14:36:54.0271 1684 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:36:54.0318 1684 Netman - ok
14:36:54.0365 1684 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:36:54.0412 1684 netprofm - ok
14:36:54.0630 1684 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:36:54.0646 1684 NetTcpPortSharing - ok
14:36:54.0677 1684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:36:54.0677 1684 nfrd960 - ok
14:36:54.0833 1684 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
14:36:54.0833 1684 NIS - ok
14:36:54.0880 1684 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:36:54.0927 1684 NlaSvc - ok
14:36:54.0927 1684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:36:54.0973 1684 Npfs - ok
14:36:55.0020 1684 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:36:55.0067 1684 nsi - ok
14:36:55.0083 1684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:36:55.0129 1684 nsiproxy - ok
14:36:55.0239 1684 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:36:55.0285 1684 Ntfs - ok
14:36:55.0504 1684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:36:55.0535 1684 Null - ok
14:36:55.0566 1684 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:36:55.0566 1684 nvraid - ok
14:36:55.0582 1684 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:36:55.0597 1684 nvstor - ok
14:36:55.0613 1684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:36:55.0629 1684 nv_agp - ok
14:36:55.0644 1684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:36:55.0660 1684 ohci1394 - ok
14:36:55.0738 1684 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:36:55.0785 1684 p2pimsvc - ok
14:36:55.0863 1684 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:36:55.0878 1684 p2psvc - ok
14:36:55.0956 1684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:36:55.0972 1684 Parport - ok
14:36:56.0003 1684 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
14:36:56.0003 1684 partmgr - ok
14:36:56.0034 1684 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:36:56.0065 1684 PcaSvc - ok
14:36:56.0081 1684 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:36:56.0097 1684 pci - ok
14:36:56.0112 1684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:36:56.0128 1684 pciide - ok
14:36:56.0143 1684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:36:56.0159 1684 pcmcia - ok
14:36:56.0175 1684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:36:56.0190 1684 pcw - ok
14:36:56.0237 1684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:36:56.0299 1684 PEAUTH - ok
14:36:56.0440 1684 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:36:56.0455 1684 PerfHost - ok
14:36:56.0580 1684 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:36:56.0643 1684 pla - ok
14:36:56.0705 1684 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:36:56.0721 1684 PlugPlay - ok
14:36:56.0736 1684 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:36:56.0752 1684 PNRPAutoReg - ok
14:36:56.0799 1684 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:36:56.0799 1684 PNRPsvc - ok
14:36:56.0877 1684 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:36:56.0939 1684 PolicyAgent - ok
14:36:57.0017 1684 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:36:57.0033 1684 Power - ok
14:36:57.0173 1684 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:36:57.0204 1684 PptpMiniport - ok
14:36:57.0267 1684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:36:57.0282 1684 Processor - ok
14:36:57.0329 1684 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
14:36:57.0360 1684 ProfSvc - ok
14:36:57.0376 1684 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:36:57.0376 1684 ProtectedStorage - ok
14:36:57.0454 1684 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:36:57.0485 1684 Psched - ok
14:36:57.0579 1684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:36:57.0625 1684 ql2300 - ok
14:36:57.0906 1684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:36:57.0922 1684 ql40xx - ok
14:36:57.0984 1684 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:36:58.0015 1684 QWAVE - ok
14:36:58.0031 1684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:36:58.0062 1684 QWAVEdrv - ok
14:36:58.0078 1684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:36:58.0109 1684 RasAcd - ok
14:36:58.0171 1684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:36:58.0203 1684 RasAgileVpn - ok
14:36:58.0234 1684 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:36:58.0265 1684 RasAuto - ok
14:36:58.0281 1684 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:36:58.0327 1684 Rasl2tp - ok
14:36:58.0374 1684 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:36:58.0421 1684 RasMan - ok
14:36:58.0437 1684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:36:58.0483 1684 RasPppoe - ok
14:36:58.0515 1684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:36:58.0546 1684 RasSstp - ok
14:36:58.0577 1684 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:36:58.0639 1684 rdbss - ok
14:36:58.0655 1684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:36:58.0686 1684 rdpbus - ok
14:36:58.0702 1684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:36:58.0733 1684 RDPCDD - ok
14:36:58.0749 1684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:36:58.0780 1684 RDPENCDD - ok
14:36:58.0811 1684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:36:58.0842 1684 RDPREFMP - ok
14:36:58.0873 1684 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
14:36:58.0920 1684 RDPWD - ok
14:36:58.0951 1684 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:36:58.0967 1684 rdyboost - ok
14:36:59.0029 1684 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:36:59.0061 1684 RemoteAccess - ok
14:36:59.0139 1684 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:36:59.0185 1684 RemoteRegistry - ok
14:36:59.0373 1684 RichVideo (8cfca7e2fd4b57c2bef929c1c1a4c56e) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:36:59.0388 1684 RichVideo - ok
14:36:59.0466 1684 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:36:59.0497 1684 RpcEptMapper - ok
14:36:59.0560 1684 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:36:59.0575 1684 RpcLocator - ok
14:36:59.0622 1684 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:36:59.0653 1684 RpcSs - ok
14:36:59.0794 1684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:36:59.0825 1684 rspndr - ok
14:36:59.0919 1684 RTHDMIAzAudService (116d03e901246ac7af006121e1e22842) C:\Windows\system32\drivers\RtHDMIVX.sys
14:36:59.0919 1684 RTHDMIAzAudService - ok
14:37:00.0012 1684 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:37:00.0028 1684 RTL8167 - ok
14:37:00.0043 1684 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:37:00.0043 1684 SamSs - ok
14:37:00.0059 1684 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:37:00.0075 1684 sbp2port - ok
14:37:00.0106 1684 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:37:00.0137 1684 SCardSvr - ok
14:37:00.0137 1684 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:37:00.0184 1684 scfilter - ok
14:37:00.0262 1684 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:37:00.0309 1684 Schedule - ok
14:37:00.0371 1684 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:37:00.0402 1684 SCPolicySvc - ok
14:37:00.0465 1684 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:37:00.0511 1684 SDRSVC - ok
14:37:00.0652 1684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:37:00.0683 1684 secdrv - ok
14:37:00.0683 1684 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:37:00.0730 1684 seclogon - ok
14:37:00.0761 1684 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:37:00.0792 1684 SENS - ok
14:37:00.0823 1684 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:37:00.0855 1684 SensrSvc - ok
14:37:00.0870 1684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:37:00.0886 1684 Serenum - ok
14:37:00.0933 1684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:37:00.0948 1684 Serial - ok
14:37:00.0979 1684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:37:01.0011 1684 sermouse - ok
14:37:01.0026 1684 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:37:01.0057 1684 SessionEnv - ok
14:37:01.0073 1684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:37:01.0089 1684 sffdisk - ok
14:37:01.0104 1684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:37:01.0135 1684 sffp_mmc - ok
14:37:01.0151 1684 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:37:01.0167 1684 sffp_sd - ok
14:37:01.0182 1684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:37:01.0198 1684 sfloppy - ok
14:37:01.0260 1684 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:37:01.0307 1684 SharedAccess - ok
14:37:01.0385 1684 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:37:01.0416 1684 ShellHWDetection - ok
14:37:01.0447 1684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:37:01.0463 1684 SiSRaid2 - ok
14:37:01.0479 1684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:37:01.0494 1684 SiSRaid4 - ok
14:37:01.0775 1684 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:37:01.0853 1684 Skype C2C Service - ok
14:37:01.0993 1684 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:37:01.0993 1684 SkypeUpdate - ok
14:37:02.0305 1684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:37:02.0337 1684 Smb - ok
14:37:02.0415 1684 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:37:02.0430 1684 SNMPTRAP - ok
14:37:02.0446 1684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:37:02.0461 1684 spldr - ok
14:37:02.0508 1684 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:37:02.0555 1684 Spooler - ok
14:37:02.0727 1684 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:37:02.0789 1684 sppsvc - ok
14:37:02.0961 1684 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:37:02.0992 1684 sppuinotify - ok
14:37:03.0179 1684 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
14:37:03.0195 1684 SRTSP - ok
14:37:03.0195 1684 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
14:37:03.0195 1684 SRTSPX - ok
14:37:03.0241 1684 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:37:03.0288 1684 srv - ok
14:37:03.0319 1684 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:37:03.0351 1684 srv2 - ok
14:37:03.0382 1684 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:37:03.0413 1684 srvnet - ok
14:37:03.0475 1684 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:37:03.0522 1684 SSDPSRV - ok
14:37:03.0553 1684 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:37:03.0569 1684 SstpSvc - ok
14:37:03.0663 1684 Steam Client Service - ok
14:37:03.0694 1684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:37:03.0709 1684 stexstor - ok
14:37:03.0803 1684 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:37:03.0850 1684 stisvc - ok
14:37:03.0865 1684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:37:03.0865 1684 swenum - ok
14:37:03.0912 1684 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:37:03.0959 1684 swprv - ok
14:37:04.0053 1684 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
14:37:04.0068 1684 SymDS - ok
14:37:04.0084 1684 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
14:37:04.0099 1684 SymEFA - ok
14:37:04.0131 1684 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:37:04.0146 1684 SymEvent - ok
14:37:04.0193 1684 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
14:37:04.0193 1684 SymIRON - ok
14:37:04.0224 1684 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
14:37:04.0240 1684 SYMTDIv - ok
14:37:04.0333 1684 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:37:04.0396 1684 SysMain - ok
14:37:04.0599 1684 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:37:04.0630 1684 TabletInputService - ok
14:37:04.0661 1684 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:37:04.0708 1684 TapiSrv - ok
14:37:04.0723 1684 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:37:04.0755 1684 TBS - ok
14:37:04.0926 1684 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
14:37:04.0973 1684 Tcpip - ok
14:37:05.0254 1684 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
14:37:05.0285 1684 TCPIP6 - ok
14:37:05.0379 1684 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:37:05.0410 1684 tcpipreg - ok
14:37:05.0457 1684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:37:05.0488 1684 TDPIPE - ok
14:37:05.0503 1684 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
14:37:05.0535 1684 TDTCP - ok
14:37:05.0581 1684 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:37:05.0613 1684 tdx - ok
14:37:05.0628 1684 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:37:05.0644 1684 TermDD - ok
14:37:05.0737 1684 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:37:05.0784 1684 TermService - ok
14:37:05.0800 1684 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:37:05.0831 1684 Themes - ok
14:37:05.0893 1684 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:37:05.0909 1684 THREADORDER - ok
14:37:05.0940 1684 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:37:05.0971 1684 TrkWks - ok
14:37:06.0081 1684 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:37:06.0096 1684 TrustedInstaller - ok
14:37:06.0096 1684 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:37:06.0143 1684 tssecsrv - ok
14:37:06.0237 1684 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:37:06.0268 1684 tunnel - ok
14:37:06.0283 1684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:37:06.0299 1684 uagp35 - ok
14:37:06.0330 1684 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:37:06.0377 1684 udfs - ok
14:37:06.0439 1684 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:37:06.0455 1684 UI0Detect - ok
14:37:06.0471 1684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:37:06.0486 1684 uliagpkx - ok
14:37:06.0517 1684 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:37:06.0533 1684 umbus - ok
14:37:06.0564 1684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:37:06.0595 1684 UmPass - ok
14:37:06.0627 1684 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:37:06.0673 1684 upnphost - ok
14:37:06.0720 1684 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
14:37:06.0751 1684 usbccgp - ok
14:37:06.0767 1684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:37:06.0783 1684 usbcir - ok
14:37:06.0798 1684 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:37:06.0798 1684 usbehci - ok
14:37:06.0829 1684 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:37:06.0861 1684 usbhub - ok
14:37:06.0861 1684 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
14:37:06.0861 1684 usbohci - ok
14:37:06.0876 1684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:37:06.0892 1684 usbprint - ok
14:37:06.0892 1684 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
14:37:06.0939 1684 USBSTOR - ok
14:37:06.0939 1684 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
14:37:06.0939 1684 usbuhci - ok
14:37:07.0001 1684 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:37:07.0048 1684 UxSms - ok
14:37:07.0063 1684 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:37:07.0079 1684 VaultSvc - ok
14:37:07.0110 1684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:37:07.0110 1684 vdrvroot - ok
14:37:07.0157 1684 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:37:07.0188 1684 vds - ok
14:37:07.0204 1684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:37:07.0219 1684 vga - ok
14:37:07.0235 1684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:37:07.0282 1684 VgaSave - ok
14:37:07.0297 1684 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:37:07.0313 1684 vhdmp - ok
14:37:07.0438 1684 VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys
14:37:07.0500 1684 VIAHdAudAddService - ok
14:37:07.0516 1684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:37:07.0516 1684 viaide - ok
14:37:07.0531 1684 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:37:07.0531 1684 volmgr - ok
14:37:07.0563 1684 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:37:07.0594 1684 volmgrx - ok
14:37:07.0609 1684 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:37:07.0641 1684 volsnap - ok
14:37:07.0687 1684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:37:07.0687 1684 vsmraid - ok
14:37:07.0843 1684 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:37:07.0890 1684 VSS - ok
14:37:08.0124 1684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:37:08.0140 1684 vwifibus - ok
14:37:08.0202 1684 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:37:08.0249 1684 W32Time - ok
14:37:08.0265 1684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:37:08.0265 1684 WacomPen - ok
14:37:08.0311 1684 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:37:08.0343 1684 WANARP - ok
14:37:08.0358 1684 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:37:08.0389 1684 Wanarpv6 - ok
14:37:08.0514 1684 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:37:08.0545 1684 WatAdminSvc - ok
14:37:08.0639 1684 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:37:08.0701 1684 wbengine - ok
14:37:08.0873 1684 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:37:08.0889 1684 WbioSrvc - ok
14:37:08.0920 1684 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:37:08.0967 1684 wcncsvc - ok
14:37:08.0982 1684 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:37:09.0029 1684 WcsPlugInService - ok
14:37:09.0138 1684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:37:09.0154 1684 Wd - ok
14:37:09.0185 1684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:37:09.0216 1684 Wdf01000 - ok
14:37:09.0232 1684 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:37:09.0263 1684 WdiServiceHost - ok
14:37:09.0263 1684 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:37:09.0279 1684 WdiSystemHost - ok
14:37:09.0310 1684 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:37:09.0341 1684 WebClient - ok
14:37:09.0403 1684 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:37:09.0450 1684 Wecsvc - ok
14:37:09.0466 1684 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:37:09.0513 1684 wercplsupport - ok
14:37:09.0544 1684 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:37:09.0575 1684 WerSvc - ok
14:37:09.0700 1684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:37:09.0731 1684 WfpLwf - ok
14:37:09.0731 1684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:37:09.0747 1684 WIMMount - ok
14:37:09.0825 1684 WinDefend - ok
14:37:09.0825 1684 WinHttpAutoProxySvc - ok
14:37:09.0934 1684 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:37:09.0981 1684 Winmgmt - ok
14:37:10.0121 1684 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:37:10.0183 1684 WinRM - ok
14:37:10.0433 1684 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:37:10.0449 1684 Wlansvc - ok
14:37:10.0573 1684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:37:10.0589 1684 WmiAcpi - ok
14:37:10.0698 1684 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:37:10.0714 1684 wmiApSrv - ok
14:37:10.0792 1684 WMPNetworkSvc - ok
14:37:10.0807 1684 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:37:10.0823 1684 WPCSvc - ok
14:37:10.0839 1684 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:37:10.0870 1684 WPDBusEnum - ok
14:37:10.0885 1684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:37:10.0917 1684 ws2ifsl - ok
14:37:10.0948 1684 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
14:37:10.0963 1684 wscsvc - ok
14:37:10.0979 1684 WSearch - ok
14:37:11.0119 1684 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:37:11.0182 1684 wuauserv - ok
14:37:11.0463 1684 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:37:11.0509 1684 WudfPf - ok
14:37:11.0556 1684 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:37:11.0603 1684 WUDFRd - ok
14:37:11.0665 1684 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:37:11.0681 1684 wudfsvc - ok
14:37:11.0728 1684 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:37:11.0775 1684 WwanSvc - ok
14:37:11.0837 1684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:37:11.0884 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:37:11.0884 1684 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:37:11.0946 1684 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:37:11.0946 1684 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:37:11.0946 1684 Boot (0x1200) (96650bdb6ba864ea1aede6ee2036234a) \Device\Harddisk0\DR0\Partition0
14:37:11.0946 1684 \Device\Harddisk0\DR0\Partition0 - ok
14:37:11.0993 1684 Boot (0x1200) (d9a7fd2f7b5ca724898329e876af955d) \Device\Harddisk0\DR0\Partition1
14:37:11.0993 1684 \Device\Harddisk0\DR0\Partition1 - ok
14:37:11.0993 1684 ============================================================
14:37:11.0993 1684 Scan finished
14:37:11.0993 1684 ============================================================
14:37:11.0993 1700 Detected object count: 2
14:37:11.0993 1700 Actual detected object count: 2
14:38:05.0049 1700 \Device\Harddisk0\DR0\# - copied to quarantine
14:38:05.0049 1700 \Device\Harddisk0\DR0 - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:38:05.0111 1700 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:38:05.0173 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:38:05.0205 1700 \Device\Harddisk0\DR0 - ok
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:38:59.0040 1668 Deinitialize success
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.30.10
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
alex :: ALEX-PC [administrator]
7/30/2012 2:50:46 PM
mbam-log-2012-07-30 (14-50-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193015
Time elapsed: 3 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.0
Run by alex at 15:10:50 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2445 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRunOnce: [SpybotDeletingB9224] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD8855] cmd.exe /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingB9693] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD8216] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [SpybotDeletingA7510] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC5199] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingA5083] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC4557] cmd.exe /c del "C:\Windows\svchost.exe_old"
StartupFolder: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [SpybotDeletingA7510] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC5199] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingA5083] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC4557] cmd.exe /c del "C:\Windows\svchost.exe_old"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc494d9c3-4575-492f-a3fc-410b8d48ed66%7D&mid=80d92f78c6a647d0bcbc41b2e0095930-c85fc113044bd8c366b4bf06810b10f7f3da2474&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-07-18%2001%3A54%3A00&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\components\dtTransparency.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-11 1161376]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSviA64.sys [2012-7-23 509088]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-7-22 126400]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-24 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-30 18:38:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-30 01:30:30 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-30 00:35:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-30 00:35:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-29 01:52:12 -------- d-----w- C:\$WINDOWS.~LS
2012-07-29 01:51:19 -------- d-----w- C:\$UPGRADE.~OS
2012-07-22 04:56:41 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtsp64.sys
2012-07-22 04:56:41 451704 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys
2012-07-22 04:56:41 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys
2012-07-22 04:56:41 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtspx64.sys
2012-07-22 04:56:41 221304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys
2012-07-22 04:56:40 593544 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys
2012-07-22 04:56:40 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys
2012-07-22 04:55:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1109000.00C
2012-07-19 01:17:55 -------- d-----w- C:\Users\alex\AppData\Local\CrashDumps
2012-07-18 21:50:59 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-07-18 21:50:56 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-07-18 21:46:21 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-18 21:27:47 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-07-18 21:27:46 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-07-18 20:52:37 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-18 20:52:36 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-18 20:52:36 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-18 20:52:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-18 20:52:36 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-18 20:52:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-18 20:52:35 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-18 20:47:10 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-07-18 20:41:57 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2012-07-18 20:40:06 552960 ----a-w- C:\Windows\System32\msdri.dll
2012-07-18 20:38:57 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2012-07-18 20:37:45 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2012-07-18 20:36:53 2870272 ----a-w- C:\Windows\explorer.exe
2012-07-18 20:35:51 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-07-18 20:34:57 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-07-18 20:33:59 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-07-18 20:32:58 640896 ----a-w- C:\Windows\System32\winload.efi
2012-07-18 20:18:39 -------- d-----w- C:\Windows\Panther
2012-07-18 20:14:02 77312 ----a-w- C:\Windows\System32\packager.dll
2012-07-18 20:14:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-07-18 20:08:33 -------- d--h--w- C:\$WINDOWS.~Q
2012-07-18 20:02:15 -------- d--h--w- C:\$INPLACE.~TR
2012-07-18 18:15:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-07-18 18:13:13 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-18 18:13:05 -------- d-----w- C:\Program Files\Symantec
2012-07-18 18:13:05 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-07-18 18:10:55 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-07-18 18:10:52 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-07-18 18:10:51 -------- d-----w- C:\ProgramData\Norton
2012-07-18 18:10:07 -------- d-----w- C:\ProgramData\NortonInstaller
2012-07-18 18:10:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-07-18 17:25:15 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-07-18 17:25:15 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-07-18 17:25:15 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-18 17:25:15 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-07-18 17:25:15 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-07-18 17:25:15 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-07-18 17:25:15 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-07-18 17:25:15 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-18 17:25:15 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-07-18 17:25:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-18 17:16:29 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-07-18 17:16:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-07-18 17:16:27 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-18 17:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-18 17:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-18 17:12:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-18 17:04:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-18 17:04:49 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-18 17:04:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-18 16:23:39 -------- d-----w- C:\Program Files\Realtek
2012-07-18 16:23:34 0 ----a-w- C:\Windows\ativpsrm.bin
2012-07-18 07:09:40 -------- d-----w- C:\Users\alex\AppData\Local\uTorrent
2012-07-18 05:55:33 -------- d-----w- C:\Users\alex\AppData\Roaming\AVG2012
2012-07-18 05:51:35 -------- d-----w- C:\ProgramData\AVG2012
2012-07-18 05:49:59 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-18 05:42:15 -------- d--h--w- C:\ProgramData\Common Files
2012-07-18 05:41:44 -------- d-----w- C:\ProgramData\MFAData
2012-07-14 21:10:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 03:24:25 -------- d-----w- C:\Users\alex\AppData\Roaming\Malwarebytes
2012-07-13 03:23:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-13 03:23:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-13 03:23:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 07:02:28 2311680 ------w- C:\Windows\System32\jscript9.dll
2012-07-11 07:02:27 1800192 ------w- C:\Windows\SysWow64\jscript9.dll
2012-07-11 00:58:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{436673BF-C065-4016-BC46-1A05C39D19F8}\mpengine.dll
2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-07-12 03:13:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:13:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-24 17:39:06 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-24 17:39:06 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 15:12:29.10 ===============
14:35:54.0040 1664 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:35:54.0305 1664 ============================================================
14:35:54.0305 1664 Current date / time: 2012/07/30 14:35:54.0305
14:35:54.0305 1664 SystemInfo:
14:35:54.0305 1664
14:35:54.0305 1664 OS Version: 6.1.7600 ServicePack: 0.0
14:35:54.0305 1664 Product type: Workstation
14:35:54.0305 1664 ComputerName: ALEX-PC
14:35:54.0305 1664 UserName: alex
14:35:54.0305 1664 Windows directory: C:\Windows
14:35:54.0305 1664 System windows directory: C:\Windows
14:35:54.0305 1664 Running under WOW64
14:35:54.0305 1664 Processor architecture: Intel x64
14:35:54.0305 1664 Number of processors: 2
14:35:54.0305 1664 Page size: 0x1000
14:35:54.0305 1664 Boot type: Safe boot with network
14:35:54.0305 1664 ============================================================
14:35:55.0896 1664 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
14:35:55.0912 1664 ============================================================
14:35:55.0912 1664 \Device\Harddisk0\DR0:
14:35:55.0927 1664 MBR partitions:
14:35:55.0927 1664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:35:55.0927 1664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
14:35:55.0927 1664 ============================================================
14:35:55.0974 1664 C: <-> \Device\Harddisk0\DR0\Partition1
14:35:55.0974 1664 ============================================================
14:35:55.0974 1664 Initialize success
14:35:55.0974 1664 ============================================================
14:36:35.0395 1684 ============================================================
14:36:35.0395 1684 Scan started
14:36:35.0395 1684 Mode: Manual; SigCheck; TDLFS;
14:36:35.0395 1684 ============================================================
14:36:36.0518 1684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:36:36.0596 1684 1394ohci - ok
14:36:36.0659 1684 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:36:36.0674 1684 ACPI - ok
14:36:36.0706 1684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:36:36.0752 1684 AcpiPmi - ok
14:36:36.0908 1684 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:36:36.0908 1684 AdobeARMservice - ok
14:36:37.0064 1684 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:36:37.0096 1684 AdobeFlashPlayerUpdateSvc - ok
14:36:37.0158 1684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:36:37.0174 1684 adp94xx - ok
14:36:37.0236 1684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:36:37.0252 1684 adpahci - ok
14:36:37.0283 1684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:36:37.0298 1684 adpu320 - ok
14:36:37.0345 1684 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:36:37.0486 1684 AeLookupSvc - ok
14:36:37.0579 1684 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:36:37.0626 1684 AFD - ok
14:36:37.0688 1684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:36:37.0704 1684 agp440 - ok
14:36:37.0720 1684 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:36:37.0766 1684 ALG - ok
14:36:37.0782 1684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:36:37.0798 1684 aliide - ok
14:36:37.0876 1684 AMD External Events Utility (ee048ef96ee7f7fdf1dce45c9ebbf19a) C:\Windows\system32\atiesrxx.exe
14:36:37.0938 1684 AMD External Events Utility - ok
14:36:37.0954 1684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:36:37.0969 1684 amdide - ok
14:36:38.0000 1684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:36:38.0032 1684 AmdK8 - ok
14:36:38.0375 1684 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
14:36:38.0531 1684 amdkmdag - ok
14:36:38.0765 1684 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
14:36:38.0796 1684 amdkmdap - ok
14:36:38.0874 1684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:36:38.0905 1684 AmdPPM - ok
14:36:38.0936 1684 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:36:38.0952 1684 amdsata - ok
14:36:38.0983 1684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:36:38.0999 1684 amdsbs - ok
14:36:38.0999 1684 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:36:39.0014 1684 amdxata - ok
14:36:39.0046 1684 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:36:39.0124 1684 AppID - ok
14:36:39.0170 1684 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:36:39.0217 1684 AppIDSvc - ok
14:36:39.0248 1684 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:36:39.0280 1684 Appinfo - ok
14:36:39.0420 1684 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:36:39.0436 1684 Apple Mobile Device - ok
14:36:39.0482 1684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:36:39.0498 1684 arc - ok
14:36:39.0514 1684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:36:39.0529 1684 arcsas - ok
14:36:39.0560 1684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:36:39.0607 1684 AsyncMac - ok
14:36:39.0623 1684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:36:39.0638 1684 atapi - ok
14:36:39.0748 1684 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:36:39.0810 1684 AudioEndpointBuilder - ok
14:36:39.0810 1684 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:36:39.0841 1684 AudioSrv - ok
14:36:39.0888 1684 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:36:39.0950 1684 AxInstSV - ok
14:36:40.0028 1684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:36:40.0075 1684 b06bdrv - ok
14:36:40.0169 1684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:36:40.0200 1684 b57nd60a - ok
14:36:40.0278 1684 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:36:40.0309 1684 BDESVC - ok
14:36:40.0325 1684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:36:40.0372 1684 Beep - ok
14:36:40.0434 1684 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:36:40.0496 1684 BFE - ok
14:36:40.0730 1684 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
14:36:40.0793 1684 BHDrvx64 - ok
14:36:41.0027 1684 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
14:36:41.0136 1684 BITS - ok
14:36:41.0261 1684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:36:41.0292 1684 blbdrive - ok
14:36:41.0448 1684 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:36:41.0464 1684 Bonjour Service - ok
14:36:41.0526 1684 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:36:41.0557 1684 bowser - ok
14:36:41.0588 1684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:36:41.0620 1684 BrFiltLo - ok
14:36:41.0635 1684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:36:41.0651 1684 BrFiltUp - ok
14:36:41.0729 1684 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:36:41.0760 1684 Browser - ok
14:36:41.0807 1684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:36:41.0854 1684 Brserid - ok
14:36:41.0885 1684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:36:41.0916 1684 BrSerWdm - ok
14:36:41.0932 1684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:36:41.0963 1684 BrUsbMdm - ok
14:36:41.0978 1684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:36:41.0994 1684 BrUsbSer - ok
14:36:42.0010 1684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:36:42.0025 1684 BTHMODEM - ok
14:36:42.0088 1684 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:36:42.0119 1684 bthserv - ok
14:36:42.0244 1684 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
14:36:42.0259 1684 ccHP - ok
14:36:42.0275 1684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:36:42.0322 1684 cdfs - ok
14:36:42.0353 1684 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:36:42.0384 1684 cdrom - ok
14:36:42.0415 1684 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:36:42.0462 1684 CertPropSvc - ok
14:36:42.0493 1684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:36:42.0509 1684 circlass - ok
14:36:42.0602 1684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:36:42.0618 1684 CLFS - ok
14:36:42.0758 1684 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:36:42.0758 1684 clr_optimization_v2.0.50727_32 - ok
14:36:42.0883 1684 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:36:42.0899 1684 clr_optimization_v2.0.50727_64 - ok
14:36:43.0008 1684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:36:43.0039 1684 clr_optimization_v4.0.30319_32 - ok
14:36:43.0071 1684 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:36:43.0102 1684 clr_optimization_v4.0.30319_64 - ok
14:36:43.0117 1684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:36:43.0149 1684 CmBatt - ok
14:36:43.0195 1684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:36:43.0195 1684 cmdide - ok
14:36:43.0273 1684 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
14:36:43.0320 1684 CNG - ok
14:36:43.0336 1684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:36:43.0336 1684 Compbatt - ok
14:36:43.0383 1684 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:36:43.0398 1684 CompositeBus - ok
14:36:43.0398 1684 COMSysApp - ok
14:36:43.0429 1684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:36:43.0429 1684 crcdisk - ok
14:36:43.0492 1684 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
14:36:43.0539 1684 CryptSvc - ok
14:36:43.0617 1684 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:36:43.0663 1684 DcomLaunch - ok
14:36:43.0741 1684 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:36:43.0788 1684 defragsvc - ok
14:36:43.0835 1684 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:36:43.0866 1684 DfsC - ok
14:36:43.0913 1684 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:36:43.0991 1684 Dhcp - ok
14:36:44.0053 1684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:36:44.0100 1684 discache - ok
14:36:44.0131 1684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:36:44.0147 1684 Disk - ok
14:36:44.0178 1684 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:36:44.0194 1684 Dnscache - ok
14:36:44.0256 1684 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:36:44.0303 1684 dot3svc - ok
14:36:44.0319 1684 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:36:44.0365 1684 DPS - ok
14:36:44.0428 1684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:36:44.0443 1684 drmkaud - ok
14:36:44.0506 1684 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:36:44.0537 1684 DXGKrnl - ok
14:36:44.0599 1684 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:36:44.0646 1684 EapHost - ok
14:36:44.0833 1684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:36:44.0911 1684 ebdrv - ok
14:36:45.0036 1684 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:36:45.0052 1684 eeCtrl - ok
14:36:45.0223 1684 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:36:45.0255 1684 EFS - ok
14:36:45.0364 1684 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:36:45.0411 1684 ehRecvr - ok
14:36:45.0473 1684 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:36:45.0504 1684 ehSched - ok
14:36:45.0676 1684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:36:45.0691 1684 elxstor - ok
14:36:45.0707 1684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:36:45.0738 1684 ErrDev - ok
14:36:45.0816 1684 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:36:45.0863 1684 EventSystem - ok
14:36:45.0910 1684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:36:45.0957 1684 exfat - ok
14:36:45.0972 1684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:36:46.0003 1684 fastfat - ok
14:36:46.0081 1684 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:36:46.0128 1684 Fax - ok
14:36:46.0175 1684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:36:46.0206 1684 fdc - ok
14:36:46.0237 1684 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:36:46.0269 1684 fdPHost - ok
14:36:46.0284 1684 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:36:46.0315 1684 FDResPub - ok
14:36:46.0347 1684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:36:46.0362 1684 FileInfo - ok
14:36:46.0378 1684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:36:46.0393 1684 Filetrace - ok
14:36:46.0409 1684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:36:46.0425 1684 flpydisk - ok
14:36:46.0440 1684 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:36:46.0456 1684 FltMgr - ok
14:36:46.0534 1684 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
14:36:46.0596 1684 FontCache - ok
14:36:46.0815 1684 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:36:46.0830 1684 FontCache3.0.0.0 - ok
14:36:46.0893 1684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:36:46.0908 1684 FsDepends - ok
14:36:46.0939 1684 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
14:36:46.0939 1684 Fs_Rec - ok
14:36:47.0002 1684 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:36:47.0017 1684 fvevol - ok
14:36:47.0064 1684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:36:47.0064 1684 gagp30kx - ok
14:36:47.0095 1684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:36:47.0095 1684 GEARAspiWDM - ok
14:36:47.0205 1684 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:36:47.0236 1684 gpsvc - ok
14:36:47.0376 1684 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:36:47.0376 1684 gupdate - ok
14:36:47.0392 1684 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:36:47.0392 1684 gupdatem - ok
14:36:47.0407 1684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:36:47.0439 1684 hcw85cir - ok
14:36:47.0485 1684 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:36:47.0517 1684 HDAudBus - ok
14:36:47.0517 1684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:36:47.0532 1684 HidBatt - ok
14:36:47.0548 1684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:36:47.0579 1684 HidBth - ok
14:36:47.0626 1684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:36:47.0641 1684 HidIr - ok
14:36:47.0719 1684 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:36:47.0751 1684 hidserv - ok
14:36:47.0813 1684 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:36:47.0829 1684 HidUsb - ok
14:36:47.0907 1684 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:36:47.0938 1684 hkmsvc - ok
14:36:47.0969 1684 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:36:48.0000 1684 HomeGroupListener - ok
14:36:48.0063 1684 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:36:48.0094 1684 HomeGroupProvider - ok
14:36:48.0125 1684 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:36:48.0141 1684 HpSAMD - ok
14:36:48.0219 1684 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:36:48.0265 1684 HTTP - ok
14:36:48.0281 1684 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:36:48.0297 1684 hwpolicy - ok
14:36:48.0328 1684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:36:48.0343 1684 i8042prt - ok
14:36:48.0406 1684 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:36:48.0421 1684 iaStorV - ok
14:36:48.0671 1684 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:36:48.0687 1684 idsvc - ok
14:36:48.0952 1684 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSvia64.sys
14:36:48.0967 1684 IDSVia64 - ok
14:36:49.0170 1684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:36:49.0186 1684 iirsp - ok
14:36:49.0279 1684 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:36:49.0342 1684 IKEEXT - ok
14:36:49.0357 1684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:36:49.0357 1684 intelide - ok
14:36:49.0404 1684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:36:49.0420 1684 intelppm - ok
14:36:49.0467 1684 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:36:49.0498 1684 IPBusEnum - ok
14:36:49.0529 1684 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:36:49.0560 1684 IpFilterDriver - ok
14:36:49.0623 1684 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:36:49.0654 1684 iphlpsvc - ok
14:36:49.0685 1684 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:36:49.0701 1684 IPMIDRV - ok
14:36:49.0732 1684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:36:49.0763 1684 IPNAT - ok
14:36:49.0966 1684 iPod Service (b7cb0b121962cd89f98c0dd89331b0c0) C:\Program Files\iPod\bin\iPodService.exe
14:36:49.0981 1684 iPod Service - ok
14:36:50.0013 1684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:36:50.0028 1684 IRENUM - ok
14:36:50.0044 1684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:36:50.0044 1684 isapnp - ok
14:36:50.0059 1684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:36:50.0075 1684 iScsiPrt - ok
14:36:50.0106 1684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:36:50.0122 1684 kbdclass - ok
14:36:50.0153 1684 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:36:50.0169 1684 kbdhid - ok
14:36:50.0184 1684 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:36:50.0184 1684 KeyIso - ok
14:36:50.0200 1684 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
14:36:50.0215 1684 KSecDD - ok
14:36:50.0231 1684 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
14:36:50.0247 1684 KSecPkg - ok
14:36:50.0247 1684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:36:50.0293 1684 ksthunk - ok
14:36:50.0356 1684 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:36:50.0403 1684 KtmRm - ok
14:36:50.0465 1684 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
14:36:50.0496 1684 LanmanServer - ok
14:36:50.0559 1684 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:36:50.0621 1684 LanmanWorkstation - ok
14:36:50.0652 1684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:36:50.0699 1684 lltdio - ok
14:36:50.0761 1684 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:36:50.0793 1684 lltdsvc - ok
14:36:50.0839 1684 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:36:50.0855 1684 lmhosts - ok
14:36:50.0902 1684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:36:50.0902 1684 LSI_FC - ok
14:36:50.0964 1684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:36:50.0980 1684 LSI_SAS - ok
14:36:50.0995 1684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:36:50.0995 1684 LSI_SAS2 - ok
14:36:51.0027 1684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:36:51.0027 1684 LSI_SCSI - ok
14:36:51.0042 1684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:36:51.0089 1684 luafv - ok
14:36:51.0105 1684 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
14:36:51.0120 1684 MBAMProtector - ok
14:36:51.0307 1684 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:36:51.0339 1684 MBAMService - ok
14:36:51.0385 1684 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:36:51.0417 1684 Mcx2Svc - ok
14:36:51.0432 1684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:36:51.0448 1684 megasas - ok
14:36:51.0479 1684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:36:51.0479 1684 MegaSR - ok
14:36:51.0557 1684 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:36:51.0588 1684 MMCSS - ok
14:36:51.0588 1684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:36:51.0635 1684 Modem - ok
14:36:51.0666 1684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:36:51.0682 1684 monitor - ok
14:36:51.0713 1684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:36:51.0713 1684 mouclass - ok
14:36:51.0744 1684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:36:51.0775 1684 mouhid - ok
14:36:51.0807 1684 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:36:51.0807 1684 mountmgr - ok
14:36:51.0947 1684 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:36:51.0963 1684 MozillaMaintenance - ok
14:36:51.0978 1684 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:36:51.0994 1684 mpio - ok
14:36:52.0009 1684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:36:52.0041 1684 mpsdrv - ok
14:36:52.0134 1684 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:36:52.0181 1684 MpsSvc - ok
14:36:52.0197 1684 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:36:52.0228 1684 MRxDAV - ok
14:36:52.0259 1684 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:36:52.0306 1684 mrxsmb - ok
14:36:52.0321 1684 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:36:52.0353 1684 mrxsmb10 - ok
14:36:52.0384 1684 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:36:52.0399 1684 mrxsmb20 - ok
14:36:52.0462 1684 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:36:52.0462 1684 msahci - ok
14:36:52.0477 1684 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:36:52.0493 1684 msdsm - ok
14:36:52.0540 1684 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:36:52.0571 1684 MSDTC - ok
14:36:52.0587 1684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:36:52.0618 1684 Msfs - ok
14:36:52.0649 1684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:36:52.0665 1684 mshidkmdf - ok
14:36:52.0680 1684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:36:52.0696 1684 msisadrv - ok
14:36:52.0758 1684 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:36:52.0805 1684 MSiSCSI - ok
14:36:52.0805 1684 msiserver - ok
14:36:52.0836 1684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:36:52.0883 1684 MSKSSRV - ok
14:36:52.0914 1684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:36:52.0961 1684 MSPCLOCK - ok
14:36:53.0008 1684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:36:53.0039 1684 MSPQM - ok
14:36:53.0070 1684 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:36:53.0101 1684 MsRPC - ok
14:36:53.0117 1684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:36:53.0117 1684 mssmbios - ok
14:36:53.0133 1684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:36:53.0164 1684 MSTEE - ok
14:36:53.0179 1684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:36:53.0211 1684 MTConfig - ok
14:36:53.0226 1684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:36:53.0242 1684 Mup - ok
14:36:53.0320 1684 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:36:53.0367 1684 napagent - ok
14:36:53.0429 1684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:36:53.0460 1684 NativeWifiP - ok
14:36:53.0585 1684 NAVENG - ok
14:36:53.0585 1684 NAVEX15 - ok
14:36:53.0679 1684 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:36:53.0710 1684 NDIS - ok
14:36:53.0725 1684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:36:53.0757 1684 NdisCap - ok
14:36:53.0788 1684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:36:53.0835 1684 NdisTapi - ok
14:36:53.0850 1684 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:36:53.0897 1684 Ndisuio - ok
14:36:53.0928 1684 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:36:53.0944 1684 NdisWan - ok
14:36:53.0975 1684 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:36:54.0006 1684 NDProxy - ok
14:36:54.0037 1684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:36:54.0084 1684 NetBIOS - ok
14:36:54.0100 1684 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:36:54.0147 1684 NetBT - ok
14:36:54.0193 1684 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:36:54.0193 1684 Netlogon - ok
14:36:54.0271 1684 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:36:54.0318 1684 Netman - ok
14:36:54.0365 1684 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:36:54.0412 1684 netprofm - ok
14:36:54.0630 1684 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:36:54.0646 1684 NetTcpPortSharing - ok
14:36:54.0677 1684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:36:54.0677 1684 nfrd960 - ok
14:36:54.0833 1684 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
14:36:54.0833 1684 NIS - ok
14:36:54.0880 1684 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:36:54.0927 1684 NlaSvc - ok
14:36:54.0927 1684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:36:54.0973 1684 Npfs - ok
14:36:55.0020 1684 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:36:55.0067 1684 nsi - ok
14:36:55.0083 1684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:36:55.0129 1684 nsiproxy - ok
14:36:55.0239 1684 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:36:55.0285 1684 Ntfs - ok
14:36:55.0504 1684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:36:55.0535 1684 Null - ok
14:36:55.0566 1684 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:36:55.0566 1684 nvraid - ok
14:36:55.0582 1684 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:36:55.0597 1684 nvstor - ok
14:36:55.0613 1684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:36:55.0629 1684 nv_agp - ok
14:36:55.0644 1684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:36:55.0660 1684 ohci1394 - ok
14:36:55.0738 1684 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:36:55.0785 1684 p2pimsvc - ok
14:36:55.0863 1684 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:36:55.0878 1684 p2psvc - ok
14:36:55.0956 1684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:36:55.0972 1684 Parport - ok
14:36:56.0003 1684 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
14:36:56.0003 1684 partmgr - ok
14:36:56.0034 1684 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:36:56.0065 1684 PcaSvc - ok
14:36:56.0081 1684 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:36:56.0097 1684 pci - ok
14:36:56.0112 1684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:36:56.0128 1684 pciide - ok
14:36:56.0143 1684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:36:56.0159 1684 pcmcia - ok
14:36:56.0175 1684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:36:56.0190 1684 pcw - ok
14:36:56.0237 1684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:36:56.0299 1684 PEAUTH - ok
14:36:56.0440 1684 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:36:56.0455 1684 PerfHost - ok
14:36:56.0580 1684 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:36:56.0643 1684 pla - ok
14:36:56.0705 1684 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:36:56.0721 1684 PlugPlay - ok
14:36:56.0736 1684 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:36:56.0752 1684 PNRPAutoReg - ok
14:36:56.0799 1684 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:36:56.0799 1684 PNRPsvc - ok
14:36:56.0877 1684 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:36:56.0939 1684 PolicyAgent - ok
14:36:57.0017 1684 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:36:57.0033 1684 Power - ok
14:36:57.0173 1684 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:36:57.0204 1684 PptpMiniport - ok
14:36:57.0267 1684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:36:57.0282 1684 Processor - ok
14:36:57.0329 1684 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
14:36:57.0360 1684 ProfSvc - ok
14:36:57.0376 1684 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:36:57.0376 1684 ProtectedStorage - ok
14:36:57.0454 1684 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:36:57.0485 1684 Psched - ok
14:36:57.0579 1684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:36:57.0625 1684 ql2300 - ok
14:36:57.0906 1684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:36:57.0922 1684 ql40xx - ok
14:36:57.0984 1684 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:36:58.0015 1684 QWAVE - ok
14:36:58.0031 1684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:36:58.0062 1684 QWAVEdrv - ok
14:36:58.0078 1684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:36:58.0109 1684 RasAcd - ok
14:36:58.0171 1684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:36:58.0203 1684 RasAgileVpn - ok
14:36:58.0234 1684 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:36:58.0265 1684 RasAuto - ok
14:36:58.0281 1684 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:36:58.0327 1684 Rasl2tp - ok
14:36:58.0374 1684 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:36:58.0421 1684 RasMan - ok
14:36:58.0437 1684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:36:58.0483 1684 RasPppoe - ok
14:36:58.0515 1684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:36:58.0546 1684 RasSstp - ok
14:36:58.0577 1684 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:36:58.0639 1684 rdbss - ok
14:36:58.0655 1684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:36:58.0686 1684 rdpbus - ok
14:36:58.0702 1684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:36:58.0733 1684 RDPCDD - ok
14:36:58.0749 1684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:36:58.0780 1684 RDPENCDD - ok
14:36:58.0811 1684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:36:58.0842 1684 RDPREFMP - ok
14:36:58.0873 1684 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
14:36:58.0920 1684 RDPWD - ok
14:36:58.0951 1684 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:36:58.0967 1684 rdyboost - ok
14:36:59.0029 1684 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:36:59.0061 1684 RemoteAccess - ok
14:36:59.0139 1684 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:36:59.0185 1684 RemoteRegistry - ok
14:36:59.0373 1684 RichVideo (8cfca7e2fd4b57c2bef929c1c1a4c56e) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:36:59.0388 1684 RichVideo - ok
14:36:59.0466 1684 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:36:59.0497 1684 RpcEptMapper - ok
14:36:59.0560 1684 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:36:59.0575 1684 RpcLocator - ok
14:36:59.0622 1684 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:36:59.0653 1684 RpcSs - ok
14:36:59.0794 1684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:36:59.0825 1684 rspndr - ok
14:36:59.0919 1684 RTHDMIAzAudService (116d03e901246ac7af006121e1e22842) C:\Windows\system32\drivers\RtHDMIVX.sys
14:36:59.0919 1684 RTHDMIAzAudService - ok
14:37:00.0012 1684 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:37:00.0028 1684 RTL8167 - ok
14:37:00.0043 1684 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:37:00.0043 1684 SamSs - ok
14:37:00.0059 1684 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:37:00.0075 1684 sbp2port - ok
14:37:00.0106 1684 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:37:00.0137 1684 SCardSvr - ok
14:37:00.0137 1684 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:37:00.0184 1684 scfilter - ok
14:37:00.0262 1684 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:37:00.0309 1684 Schedule - ok
14:37:00.0371 1684 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:37:00.0402 1684 SCPolicySvc - ok
14:37:00.0465 1684 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:37:00.0511 1684 SDRSVC - ok
14:37:00.0652 1684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:37:00.0683 1684 secdrv - ok
14:37:00.0683 1684 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:37:00.0730 1684 seclogon - ok
14:37:00.0761 1684 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:37:00.0792 1684 SENS - ok
14:37:00.0823 1684 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:37:00.0855 1684 SensrSvc - ok
14:37:00.0870 1684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:37:00.0886 1684 Serenum - ok
14:37:00.0933 1684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:37:00.0948 1684 Serial - ok
14:37:00.0979 1684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:37:01.0011 1684 sermouse - ok
14:37:01.0026 1684 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:37:01.0057 1684 SessionEnv - ok
14:37:01.0073 1684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:37:01.0089 1684 sffdisk - ok
14:37:01.0104 1684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:37:01.0135 1684 sffp_mmc - ok
14:37:01.0151 1684 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:37:01.0167 1684 sffp_sd - ok
14:37:01.0182 1684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:37:01.0198 1684 sfloppy - ok
14:37:01.0260 1684 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:37:01.0307 1684 SharedAccess - ok
14:37:01.0385 1684 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:37:01.0416 1684 ShellHWDetection - ok
14:37:01.0447 1684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:37:01.0463 1684 SiSRaid2 - ok
14:37:01.0479 1684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:37:01.0494 1684 SiSRaid4 - ok
14:37:01.0775 1684 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:37:01.0853 1684 Skype C2C Service - ok
14:37:01.0993 1684 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:37:01.0993 1684 SkypeUpdate - ok
14:37:02.0305 1684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:37:02.0337 1684 Smb - ok
14:37:02.0415 1684 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:37:02.0430 1684 SNMPTRAP - ok
14:37:02.0446 1684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:37:02.0461 1684 spldr - ok
14:37:02.0508 1684 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:37:02.0555 1684 Spooler - ok
14:37:02.0727 1684 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:37:02.0789 1684 sppsvc - ok
14:37:02.0961 1684 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:37:02.0992 1684 sppuinotify - ok
14:37:03.0179 1684 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
14:37:03.0195 1684 SRTSP - ok
14:37:03.0195 1684 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
14:37:03.0195 1684 SRTSPX - ok
14:37:03.0241 1684 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:37:03.0288 1684 srv - ok
14:37:03.0319 1684 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:37:03.0351 1684 srv2 - ok
14:37:03.0382 1684 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:37:03.0413 1684 srvnet - ok
14:37:03.0475 1684 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:37:03.0522 1684 SSDPSRV - ok
14:37:03.0553 1684 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:37:03.0569 1684 SstpSvc - ok
14:37:03.0663 1684 Steam Client Service - ok
14:37:03.0694 1684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:37:03.0709 1684 stexstor - ok
14:37:03.0803 1684 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:37:03.0850 1684 stisvc - ok
14:37:03.0865 1684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:37:03.0865 1684 swenum - ok
14:37:03.0912 1684 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:37:03.0959 1684 swprv - ok
14:37:04.0053 1684 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
14:37:04.0068 1684 SymDS - ok
14:37:04.0084 1684 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
14:37:04.0099 1684 SymEFA - ok
14:37:04.0131 1684 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:37:04.0146 1684 SymEvent - ok
14:37:04.0193 1684 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
14:37:04.0193 1684 SymIRON - ok
14:37:04.0224 1684 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
14:37:04.0240 1684 SYMTDIv - ok
14:37:04.0333 1684 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:37:04.0396 1684 SysMain - ok
14:37:04.0599 1684 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:37:04.0630 1684 TabletInputService - ok
14:37:04.0661 1684 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:37:04.0708 1684 TapiSrv - ok
14:37:04.0723 1684 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:37:04.0755 1684 TBS - ok
14:37:04.0926 1684 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
14:37:04.0973 1684 Tcpip - ok
14:37:05.0254 1684 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
14:37:05.0285 1684 TCPIP6 - ok
14:37:05.0379 1684 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:37:05.0410 1684 tcpipreg - ok
14:37:05.0457 1684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:37:05.0488 1684 TDPIPE - ok
14:37:05.0503 1684 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
14:37:05.0535 1684 TDTCP - ok
14:37:05.0581 1684 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:37:05.0613 1684 tdx - ok
14:37:05.0628 1684 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:37:05.0644 1684 TermDD - ok
14:37:05.0737 1684 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:37:05.0784 1684 TermService - ok
14:37:05.0800 1684 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:37:05.0831 1684 Themes - ok
14:37:05.0893 1684 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:37:05.0909 1684 THREADORDER - ok
14:37:05.0940 1684 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:37:05.0971 1684 TrkWks - ok
14:37:06.0081 1684 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:37:06.0096 1684 TrustedInstaller - ok
14:37:06.0096 1684 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:37:06.0143 1684 tssecsrv - ok
14:37:06.0237 1684 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:37:06.0268 1684 tunnel - ok
14:37:06.0283 1684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:37:06.0299 1684 uagp35 - ok
14:37:06.0330 1684 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:37:06.0377 1684 udfs - ok
14:37:06.0439 1684 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:37:06.0455 1684 UI0Detect - ok
14:37:06.0471 1684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:37:06.0486 1684 uliagpkx - ok
14:37:06.0517 1684 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:37:06.0533 1684 umbus - ok
14:37:06.0564 1684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:37:06.0595 1684 UmPass - ok
14:37:06.0627 1684 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:37:06.0673 1684 upnphost - ok
14:37:06.0720 1684 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
14:37:06.0751 1684 usbccgp - ok
14:37:06.0767 1684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:37:06.0783 1684 usbcir - ok
14:37:06.0798 1684 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:37:06.0798 1684 usbehci - ok
14:37:06.0829 1684 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:37:06.0861 1684 usbhub - ok
14:37:06.0861 1684 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
14:37:06.0861 1684 usbohci - ok
14:37:06.0876 1684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:37:06.0892 1684 usbprint - ok
14:37:06.0892 1684 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
14:37:06.0939 1684 USBSTOR - ok
14:37:06.0939 1684 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
14:37:06.0939 1684 usbuhci - ok
14:37:07.0001 1684 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:37:07.0048 1684 UxSms - ok
14:37:07.0063 1684 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:37:07.0079 1684 VaultSvc - ok
14:37:07.0110 1684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:37:07.0110 1684 vdrvroot - ok
14:37:07.0157 1684 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:37:07.0188 1684 vds - ok
14:37:07.0204 1684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:37:07.0219 1684 vga - ok
14:37:07.0235 1684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:37:07.0282 1684 VgaSave - ok
14:37:07.0297 1684 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:37:07.0313 1684 vhdmp - ok
14:37:07.0438 1684 VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys
14:37:07.0500 1684 VIAHdAudAddService - ok
14:37:07.0516 1684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:37:07.0516 1684 viaide - ok
14:37:07.0531 1684 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:37:07.0531 1684 volmgr - ok
14:37:07.0563 1684 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:37:07.0594 1684 volmgrx - ok
14:37:07.0609 1684 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:37:07.0641 1684 volsnap - ok
14:37:07.0687 1684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:37:07.0687 1684 vsmraid - ok
14:37:07.0843 1684 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:37:07.0890 1684 VSS - ok
14:37:08.0124 1684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:37:08.0140 1684 vwifibus - ok
14:37:08.0202 1684 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:37:08.0249 1684 W32Time - ok
14:37:08.0265 1684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:37:08.0265 1684 WacomPen - ok
14:37:08.0311 1684 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:37:08.0343 1684 WANARP - ok
14:37:08.0358 1684 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:37:08.0389 1684 Wanarpv6 - ok
14:37:08.0514 1684 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:37:08.0545 1684 WatAdminSvc - ok
14:37:08.0639 1684 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:37:08.0701 1684 wbengine - ok
14:37:08.0873 1684 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:37:08.0889 1684 WbioSrvc - ok
14:37:08.0920 1684 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:37:08.0967 1684 wcncsvc - ok
14:37:08.0982 1684 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:37:09.0029 1684 WcsPlugInService - ok
14:37:09.0138 1684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:37:09.0154 1684 Wd - ok
14:37:09.0185 1684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:37:09.0216 1684 Wdf01000 - ok
14:37:09.0232 1684 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:37:09.0263 1684 WdiServiceHost - ok
14:37:09.0263 1684 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:37:09.0279 1684 WdiSystemHost - ok
14:37:09.0310 1684 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:37:09.0341 1684 WebClient - ok
14:37:09.0403 1684 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:37:09.0450 1684 Wecsvc - ok
14:37:09.0466 1684 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:37:09.0513 1684 wercplsupport - ok
14:37:09.0544 1684 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:37:09.0575 1684 WerSvc - ok
14:37:09.0700 1684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:37:09.0731 1684 WfpLwf - ok
14:37:09.0731 1684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:37:09.0747 1684 WIMMount - ok
14:37:09.0825 1684 WinDefend - ok
14:37:09.0825 1684 WinHttpAutoProxySvc - ok
14:37:09.0934 1684 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:37:09.0981 1684 Winmgmt - ok
14:37:10.0121 1684 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:37:10.0183 1684 WinRM - ok
14:37:10.0433 1684 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:37:10.0449 1684 Wlansvc - ok
14:37:10.0573 1684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:37:10.0589 1684 WmiAcpi - ok
14:37:10.0698 1684 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:37:10.0714 1684 wmiApSrv - ok
14:37:10.0792 1684 WMPNetworkSvc - ok
14:37:10.0807 1684 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:37:10.0823 1684 WPCSvc - ok
14:37:10.0839 1684 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:37:10.0870 1684 WPDBusEnum - ok
14:37:10.0885 1684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:37:10.0917 1684 ws2ifsl - ok
14:37:10.0948 1684 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
14:37:10.0963 1684 wscsvc - ok
14:37:10.0979 1684 WSearch - ok
14:37:11.0119 1684 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:37:11.0182 1684 wuauserv - ok
14:37:11.0463 1684 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:37:11.0509 1684 WudfPf - ok
14:37:11.0556 1684 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:37:11.0603 1684 WUDFRd - ok
14:37:11.0665 1684 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:37:11.0681 1684 wudfsvc - ok
14:37:11.0728 1684 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:37:11.0775 1684 WwanSvc - ok
14:37:11.0837 1684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:37:11.0884 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:37:11.0884 1684 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:37:11.0946 1684 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:37:11.0946 1684 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:37:11.0946 1684 Boot (0x1200) (96650bdb6ba864ea1aede6ee2036234a) \Device\Harddisk0\DR0\Partition0
14:37:11.0946 1684 \Device\Harddisk0\DR0\Partition0 - ok
14:37:11.0993 1684 Boot (0x1200) (d9a7fd2f7b5ca724898329e876af955d) \Device\Harddisk0\DR0\Partition1
14:37:11.0993 1684 \Device\Harddisk0\DR0\Partition1 - ok
14:37:11.0993 1684 ============================================================
14:37:11.0993 1684 Scan finished
14:37:11.0993 1684 ============================================================
14:37:11.0993 1700 Detected object count: 2
14:37:11.0993 1700 Actual detected object count: 2
14:38:05.0049 1700 \Device\Harddisk0\DR0\# - copied to quarantine
14:38:05.0049 1700 \Device\Harddisk0\DR0 - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:38:05.0111 1700 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:38:05.0173 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:38:05.0205 1700 \Device\Harddisk0\DR0 - ok
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:38:59.0040 1668 Deinitialize success
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.30.10
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
alex :: ALEX-PC [administrator]
7/30/2012 2:50:46 PM
mbam-log-2012-07-30 (14-50-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193015
Time elapsed: 3 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.0
Run by alex at 15:10:50 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2445 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRunOnce: [SpybotDeletingB9224] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD8855] cmd.exe /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingB9693] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD8216] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [SpybotDeletingA7510] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC5199] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingA5083] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC4557] cmd.exe /c del "C:\Windows\svchost.exe_old"
StartupFolder: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [SpybotDeletingA7510] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC5199] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingA5083] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC4557] cmd.exe /c del "C:\Windows\svchost.exe_old"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc494d9c3-4575-492f-a3fc-410b8d48ed66%7D&mid=80d92f78c6a647d0bcbc41b2e0095930-c85fc113044bd8c366b4bf06810b10f7f3da2474&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-07-18%2001%3A54%3A00&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\components\dtTransparency.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-11 1161376]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSviA64.sys [2012-7-23 509088]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-7-22 126400]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-24 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-30 18:38:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-30 01:30:30 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-30 00:35:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-30 00:35:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-29 01:52:12 -------- d-----w- C:\$WINDOWS.~LS
2012-07-29 01:51:19 -------- d-----w- C:\$UPGRADE.~OS
2012-07-22 04:56:41 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtsp64.sys
2012-07-22 04:56:41 451704 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys
2012-07-22 04:56:41 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys
2012-07-22 04:56:41 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtspx64.sys
2012-07-22 04:56:41 221304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys
2012-07-22 04:56:40 593544 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys
2012-07-22 04:56:40 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys
2012-07-22 04:55:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1109000.00C
2012-07-19 01:17:55 -------- d-----w- C:\Users\alex\AppData\Local\CrashDumps
2012-07-18 21:50:59 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-07-18 21:50:56 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-07-18 21:46:21 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-18 21:27:47 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-07-18 21:27:46 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-07-18 20:52:37 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-18 20:52:36 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-18 20:52:36 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-18 20:52:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-18 20:52:36 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-18 20:52:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-18 20:52:35 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-18 20:47:10 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-07-18 20:41:57 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2012-07-18 20:40:06 552960 ----a-w- C:\Windows\System32\msdri.dll
2012-07-18 20:38:57 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2012-07-18 20:37:45 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2012-07-18 20:36:53 2870272 ----a-w- C:\Windows\explorer.exe
2012-07-18 20:35:51 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-07-18 20:34:57 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-07-18 20:33:59 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-07-18 20:32:58 640896 ----a-w- C:\Windows\System32\winload.efi
2012-07-18 20:18:39 -------- d-----w- C:\Windows\Panther
2012-07-18 20:14:02 77312 ----a-w- C:\Windows\System32\packager.dll
2012-07-18 20:14:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-07-18 20:08:33 -------- d--h--w- C:\$WINDOWS.~Q
2012-07-18 20:02:15 -------- d--h--w- C:\$INPLACE.~TR
2012-07-18 18:15:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-07-18 18:13:13 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-18 18:13:05 -------- d-----w- C:\Program Files\Symantec
2012-07-18 18:13:05 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-07-18 18:10:55 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-07-18 18:10:52 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-07-18 18:10:51 -------- d-----w- C:\ProgramData\Norton
2012-07-18 18:10:07 -------- d-----w- C:\ProgramData\NortonInstaller
2012-07-18 18:10:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-07-18 17:25:15 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-07-18 17:25:15 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-07-18 17:25:15 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-18 17:25:15 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-07-18 17:25:15 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-07-18 17:25:15 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-07-18 17:25:15 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-07-18 17:25:15 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-18 17:25:15 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-07-18 17:25:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-18 17:16:29 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-07-18 17:16:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-07-18 17:16:27 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-18 17:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-18 17:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-18 17:12:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-18 17:04:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-18 17:04:49 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-18 17:04:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-18 16:23:39 -------- d-----w- C:\Program Files\Realtek
2012-07-18 16:23:34 0 ----a-w- C:\Windows\ativpsrm.bin
2012-07-18 07:09:40 -------- d-----w- C:\Users\alex\AppData\Local\uTorrent
2012-07-18 05:55:33 -------- d-----w- C:\Users\alex\AppData\Roaming\AVG2012
2012-07-18 05:51:35 -------- d-----w- C:\ProgramData\AVG2012
2012-07-18 05:49:59 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-18 05:42:15 -------- d--h--w- C:\ProgramData\Common Files
2012-07-18 05:41:44 -------- d-----w- C:\ProgramData\MFAData
2012-07-14 21:10:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 03:24:25 -------- d-----w- C:\Users\alex\AppData\Roaming\Malwarebytes
2012-07-13 03:23:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-13 03:23:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-13 03:23:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 07:02:28 2311680 ------w- C:\Windows\System32\jscript9.dll
2012-07-11 07:02:27 1800192 ------w- C:\Windows\SysWow64\jscript9.dll
2012-07-11 00:58:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{436673BF-C065-4016-BC46-1A05C39D19F8}\mpengine.dll
2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-07-12 03:13:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:13:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-24 17:39:06 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-24 17:39:06 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 15:12:29.10 ===============
#4
Posted 30 July 2012 - 04:17 PM
#5
Posted 30 July 2012 - 04:19 PM
I did uninstall avast.
#6
Posted 30 July 2012 - 04:24 PM
Please re-run TDSSKiller, but this time use the Delete option for this entry:
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Next:
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Please post the C:\ComboFix.txt in your next reply for further review.
Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
#7
Posted 30 July 2012 - 05:24 PM
ComboFix 12-07-30.01 - alex 07/30/2012 18:06:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1520 [GMT -4:00]
Running from: c:\users\alex\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\searchplugins\bing-zugo.xml
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\@
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\L\00000004.@
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\L\201d3dde
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\00000004.@
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\000000cb.@
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trz1170.tmp
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzA0AB.tmp
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzA2AF.tmp
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzD32F.tmp
c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzFCF3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 22:12 . 2012-07-30 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 18:38 . 2012-07-30 21:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-30 01:30 . 2012-07-30 01:30 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-30 00:35 . 2012-07-30 06:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-30 00:35 . 2012-07-30 06:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-29 01:52 . 2012-07-29 01:52 -------- d-----w- C:\$WINDOWS.~LS
2012-07-29 01:51 . 2012-07-29 02:05 -------- d-----w- C:\$UPGRADE.~OS
2012-07-18 21:50 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-07-18 21:50 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-07-18 21:46 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-18 21:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-07-18 21:27 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-07-18 21:02 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 20:52 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-18 20:52 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-18 20:52 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-18 20:52 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-18 20:52 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-18 20:52 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-18 20:52 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-18 20:47 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-07-18 20:41 . 2010-06-26 05:31 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-07-18 20:40 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2012-07-18 20:38 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2012-07-18 20:37 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2012-07-18 20:36 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2012-07-18 20:35 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-07-18 20:34 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-07-18 20:33 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-07-18 20:32 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2012-07-18 20:18 . 2012-07-18 17:24 -------- d-----w- c:\windows\Panther
2012-07-18 20:14 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-07-18 20:14 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-07-18 20:08 . 2012-07-29 03:15 -------- d-----w- C:\$WINDOWS.~Q
2012-07-18 20:02 . 2012-07-29 03:15 -------- d-----w- C:\$INPLACE.~TR
2012-07-18 18:15 . 2012-07-29 03:15 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-07-18 18:13 . 2012-07-18 18:13 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-18 18:13 . 2012-07-29 03:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-18 18:13 . 2012-07-18 18:13 -------- d-----w- c:\program files\Symantec
2012-07-18 18:10 . 2012-07-29 03:15 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-07-18 18:10 . 2012-07-29 03:15 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-07-18 18:10 . 2012-07-29 03:15 -------- d-----w- c:\programdata\Norton
2012-07-18 18:10 . 2012-07-18 18:10 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-18 17:27 . 2012-07-18 17:27 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-18 17:25 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-07-18 17:25 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-07-18 17:25 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-18 17:25 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-07-18 17:25 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-07-18 17:25 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-07-18 17:25 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-18 17:25 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-07-18 17:25 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-18 17:25 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-18 17:16 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-07-18 17:16 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-07-18 17:16 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-18 17:16 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-07-18 17:16 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-18 17:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-18 17:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-18 17:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-18 17:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-18 17:04 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-18 17:04 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-18 17:04 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-18 17:04 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-18 17:04 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-18 16:24 . 2012-07-29 05:10 -------- d-----w- c:\users\alex
2012-07-18 16:23 . 2012-07-18 16:23 -------- d-----w- c:\program files\Realtek
2012-07-18 16:23 . 2012-07-18 16:23 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-18 05:51 . 2012-07-18 16:31 -------- d-----w- c:\programdata\AVG2012
2012-07-18 05:49 . 2012-07-18 16:26 -------- d-----w- c:\program files (x86)\AVG
2012-07-18 05:42 . 2012-07-18 16:31 -------- d--h--w- c:\programdata\Common Files
2012-07-18 05:41 . 2012-07-18 16:31 -------- d-----w- c:\programdata\MFAData
2012-07-14 21:10 . 2012-07-18 16:35 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 03:23 . 2012-07-18 16:31 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 03:23 . 2012-07-29 03:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-13 03:23 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 07:02 . 2012-06-02 12:12 2311680 ------w- c:\windows\system32\jscript9.dll
2012-07-11 07:02 . 2012-06-02 08:33 1800192 ------w- c:\windows\SysWow64\jscript9.dll
2012-07-11 00:58 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{436673BF-C065-4016-BC46-1A05C39D19F8}\mpengine.dll
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 03:13 . 2012-05-24 17:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 03:13 . 2011-09-08 00:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2011-01-16 03:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-24 17:39 . 2012-05-24 17:39 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-24 17:39 . 2010-12-20 22:09 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-30 210216]
.
c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-11 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-6-23 510464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSvia64.sys [2012-07-18 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 203264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 7451648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 268288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSnx
*Deregistered* - aswSP
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 03:13]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:00]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc494d9c3-4575-492f-a3fc-410b8d48ed66%7D&mid=80d92f78c6a647d0bcbc41b2e0095930-c85fc113044bd8c366b4bf06810b10f7f3da2474&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-07-18%2001%3A54%3A00&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-30 18:22:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 22:22
.
Pre-Run: 254,327,181,312 bytes free
Post-Run: 256,748,392,448 bytes free
.
- - End Of File - - 59135C4BB4EA48AB97A07B35894DB6EF
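A triage script for the ComboFix log above, added here as an example and not code from the thread or from ComboFix itself. It walks the log section by section and flags the lines a removal helper reads first: UAC switched off through EnableLUA, security products reported disabled in the header, extension-less "@" files under a GUID directory in c:\windows\Installer (the layout ComboFix removed under Other Deletions), an executable in the drive root, a Firefox keyword.URL pointing away from the default search engine, and an orphaned browser-helper entry. The check names, severities and patterns are this script's own assumptions; the sample log is a trimmed excerpt of the posted log with the long search URL shortened, and the hxxp:// defanging is ComboFix's own convention.

```python
"""Triage helper for a ComboFix log.

Added example, not code from the thread or from ComboFix.  It reads the
log line by line, tracks which section it is in, and flags the lines a
malware-removal helper reads first.  The check names, severities and
patterns are assumptions of this script; ComboFix does not classify
lines this way.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a trimmed excerpt of the log posted above.  The long
# keyword.URL query string is shortened; ComboFix writes "hxxp" to defang URLs.
SAMPLE_LOG = """\
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))
C:\\install.exe
c:\\windows\\Installer\\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\\@
c:\\windows\\Installer\\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\\U\\00000004.@
((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?ds=AVG&q=
FF - prefs.js: network.proxy.type - 0
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
"""

# ComboFix section banners look like "(((( Name ))))" or "---- Name ----".
SECTION_RE = re.compile(r"^[(\-]{3,} (.+?) [)\-]{3,}$")
GUID = r"\{[0-9A-Fa-f-]{36}\}"

# (check name, pattern, severity).  Heuristics chosen for this example.
CHECKS: List[Tuple[str, re.Pattern, str]] = [
    # UAC switched off: every process of an admin user runs fully elevated.
    ("uac_disabled", re.compile(r'^"EnableLUA"=\s*0\b'), "high"),
    # AV / firewall / antispyware reported off in the log header.
    ("security_product_disabled", re.compile(r"^(AV|FW|SP): .+\*Disabled"), "high"),
    # Extension-less "@" files under a GUID directory in c:\windows\Installer,
    # the layout ComboFix removed above; legitimate MSI caches hold .msi/.msp.
    ("installer_guid_dropper",
     re.compile(r"^c:\\windows\\installer\\" + GUID + r"\\", re.I), "high"),
    # An executable sitting directly in the drive root.
    ("root_executable_removed", re.compile(r"^c:\\[^\\]+\.exe$", re.I), "medium"),
    # Firefox address-bar search sent somewhere other than the default engine.
    ("search_keyword_redirect",
     re.compile(r"^FF - prefs\.js: keyword\.URL - hxxp://(?!www\.google\.com/)", re.I),
     "medium"),
    # Browser helper entry whose file is gone (ComboFix lists it as an orphan).
    ("orphaned_bho", re.compile(r"^WebBrowser-" + GUID + r" - \(no file\)"), "low"),
]
# Path checks only mean something in the section that lists removed files.
DELETION_CHECKS = {"installer_guid_dropper", "root_executable_removed"}


def triage_combofix(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per matching line: section, check, severity, line."""
    findings: List[Dict[str, str]] = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        for name, pattern, severity in CHECKS:
            if name in DELETION_CHECKS and section != "Other Deletions":
                continue
            if pattern.search(line):
                findings.append({"section": section, "check": name,
                                 "severity": severity, "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity; the high count drives the next step."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        counts[finding["severity"]] += 1
    return counts


if __name__ == "__main__":
    results = triage_combofix(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:<6}] {f['check']:<26} {f['section']}: {f['line'][:60]}")
    print(summarize(results))
```

Two of the hits need context before they are acted on. The three "*Disabled*" header lines are expected when ComboFix was run the way helpers ask (with the resident AV turned off for the scan), so they are not evidence of tampering on their own; and the isearch.avg.com keyword.URL matches the AVG install listed under Files Created, a bundled search redirect rather than the backdoor the helper warned about. The Installer GUID hits are the ones that matter; ComboFix already removed those files, which is why the follow-up OTL scan in the next post is the check that nothing re-created them.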
#8
Posted 31 July 2012 - 04:43 AM
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
#9
Posted 07 August 2012 - 12:55 PM
Are you still with us? This topic will be closed in a few days if we do not hear back from you.
#10
Posted 09 August 2012 - 08:00 AM
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there are 5 days without a response.
#11
Posted 19 August 2012 - 08:06 AM
#12
Posted 20 August 2012 - 02:00 PM
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!