
Malwarebytes

Weird sounds. Potentially malicious websites?


#1
Getsugakure

    New Member

  • Members
  • 9 posts
My Alienware M17x is my gaming laptop. Recently, I found there were sounds playing with no applications running, downloaded Malware and AVG Pro. Malwarebytes continually pops up saying "Successfully blocked access to a potentially malicious website: 206.161.121.3 | Type: outgoing | Port: 59873, Process: svchost.exe". Decided it was time to seek help. Please and Thank you!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mike at 17:12:19 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16332.12634 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files (x86)\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 10.1.10.1 192.168.0.1
TCP: Interfaces\{DFF67BDC-67BE-4CD2-9FC3-32A1E22E330A} : DhcpNameServer = 10.1.10.1 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\g5xi2azl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B76185820-38ca-49f5-b45a-e41da4444338%7D&mid=ff47a873bf9747d097a94dfe4bb609ca-5e7f89c4b940a95ad5bfa65298698b7a74485dc2&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-15%2017%3A49%3A54&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\system32\DRIVERS\bflwfx64.sys --> C:\Windows\system32\DRIVERS\bflwfx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-5 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-11-8 467456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-5 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-5 1997416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-3-5 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-26 378472]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-15 935008]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\system32\DRIVERS\Ak27x64.sys --> C:\Windows\system32\DRIVERS\Ak27x64.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-13 113120]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-17 20:37:53 20480 ----a-w- C:\Windows\svchost.exe
2012-07-17 12:08:58 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2012-07-17 12:08:26 -------- d-----w- C:\RkUnhooker
2012-07-17 11:57:47 -------- d-----w- C:\Users\Mike\AppData\Local\{A1F1F9BD-F417-4D59-B7BF-3F279AFB61CD}
2012-07-17 11:57:36 -------- d-----w- C:\Users\Mike\AppData\Local\{0A132535-9755-4203-A623-216AC1A79FDD}
2012-07-17 04:17:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-17 00:44:54 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG
2012-07-17 00:32:46 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-07-17 00:32:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-17 00:32:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-17 00:32:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 20:38:24 -------- d-----w- C:\Users\Mike\AppData\Local\{67C4C9D0-3A40-42E0-BB76-C0FACD339A98}
2012-07-16 20:38:13 -------- d-----w- C:\Users\Mike\AppData\Local\{A301D35D-28A1-4354-ADB5-4328D43A36B5}
2012-07-15 21:49:57 -------- d-----w- C:\Users\Mike\AppData\Local\AVG Secure Search
2012-07-15 21:49:54 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-15 21:49:54 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-15 21:49:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-15 21:49:50 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-15 21:49:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-15 21:49:43 -------- d-----w- C:\$AVG
2012-07-15 21:43:28 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2012-07-15 19:13:13 -------- d-----w- C:\Users\Mike\AppData\Local\{2EB5DE1C-44EE-415D-8025-2B5F9B888B21}
2012-07-15 19:13:02 -------- d-----w- C:\Users\Mike\AppData\Local\{96539822-02C8-4559-A875-09D7568B31C7}
2012-07-15 03:39:43 -------- d-----w- C:\Users\Mike\AppData\Local\{038237A0-8DC0-4870-A9EB-71AC8CA1D833}
2012-07-15 03:39:33 -------- d-----w- C:\Users\Mike\AppData\Local\{E3FD9DCD-8003-4CF5-AEE8-FD50D5CE49F1}
2012-07-14 15:49:42 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9070812E-7C8F-472E-A7EB-4F24695CD157}\mpengine.dll
2012-07-14 15:39:08 -------- d-----w- C:\Users\Mike\AppData\Local\{999F1D89-1E64-4AEC-A0BA-0AB75BAA3194}
2012-07-14 15:38:58 -------- d-----w- C:\Users\Mike\AppData\Local\{FC6E4C32-8AD5-44D0-9CF1-0A8921771937}
2012-07-12 11:45:50 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 21:02:12 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 21:02:12 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-11 20:40:11 -------- d-----w- C:\Users\Mike\AppData\Local\{7CA062AB-1136-457F-AD21-EC3602D481C5}
2012-07-11 20:40:00 -------- d-----w- C:\Users\Mike\AppData\Local\{8B08E07F-FF71-4424-86E3-A84587EFDE8A}
2012-07-10 23:50:17 -------- d-----w- C:\Users\Mike\AppData\Roaming\IDT
2012-07-10 23:34:54 -------- d-----w- C:\Users\Mike\AppData\Local\{1012B80F-8B4B-4BB3-8941-6307EF586C80}
2012-07-10 23:34:43 -------- d-----w- C:\Users\Mike\AppData\Local\{31679D84-3EF8-4D39-BB91-5F22B2847FE3}
2012-07-08 21:43:31 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-07-08 21:43:03 -------- d-----w- C:\ProgramData\Battle.net
2012-07-08 21:34:20 -------- d-----w- C:\Users\Mike\AppData\Local\{220060F2-D19C-482E-B02A-F4701E9B6C71}
2012-07-08 21:34:08 -------- d-----w- C:\Users\Mike\AppData\Local\{2B0E87B8-6B4A-4B5E-BEAE-747F24AEE784}
2012-06-23 00:21:42 -------- d-----w- C:\Users\Mike\AppData\Local\{389BBC0C-266C-48ED-A282-0DA6DDBD556A}
2012-06-22 11:24:58 -------- d-----w- C:\Users\Mike\AppData\Local\{B5622D7D-5F39-45F3-ADCE-FD26A7D7AA2E}
2012-06-22 11:24:47 -------- d-----w- C:\Users\Mike\AppData\Local\{47B7DFD3-5C27-4D95-8FCC-47E92D46AF79}
2012-06-21 17:52:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 17:52:48 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 17:52:48 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 17:52:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 00:25:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 00:25:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:25:02 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 17:12:36.94 ===============

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/10/2012 11:03:20 AM
System Uptime: 7/17/2012 4:36:30 PM (1 hours ago)
.
Motherboard: Alienware | | M17xR3
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz | CPU1 | 2401/1600mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 88.269 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 467.01 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Advanced Audio FX Engine
AlienRespawn
AlienRespawn - Support Software
Alienware M17x Manual
Alienware On-Screen Display
Apple Application Support
Apple Software Update
Assassin's Creed
Assassin's Creed II
AVG PC Tuneup
Banctec Service Agreement
Batman: Arkham Asylum
Batman: Arkham City™
Bigfoot Networks Killer Network Manager
Command Center
D3DX10
DC Universe Online Live
Diablo III
DirectX 9 Runtime
Dual-Core Optimizer
EMSC
IDT Audio
Integrated Webcam Live! Central
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 7 Update 1
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PhotoShowExpress
QuickTime
Rootkit Unhooker Uninstall
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sonic CinePlayer Decoder Pack
Star Wars: The Old Republic
Steam
The Elder Scrolls V: Skyrim
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/17/2012 8:08:58 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\rkhdrv40.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/17/2012 5:01:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
7/17/2012 4:37:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
7/17/2012 4:36:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800d7faa10, 0xfffff80000b9c3d8, 0xfffffa801d7a7ab0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-23244-01.
7/16/2012 8:59:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/16/2012 8:59:26 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/16/2012 8:54:01 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
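The block notification quoted in the post and the DDS log above, as an added triage example that is not part of the original post and not code from Malwarebytes or DDS: it pulls executable paths out of Running Processes and Created Last 30 style lines, flags copies of core Windows binaries that sit outside System32/SysWOW64, and matches any such copy against the process named in the block alert. The directory allow-list, the sample log lines and the sample alert (with a documentation-range IP) are constructed for illustration.

```python
"""Triage helper for DDS-style logs (constructed example, not part of the thread).

Flags copies of core Windows binaries found outside the directory they live in,
and correlates them with a Malwarebytes 1.x website-block notification that
names the same process.
"""
import re
from pathlib import PureWindowsPath

# Core binaries that, on Windows 7, live only under System32 (64-bit copy) or
# SysWOW64 (32-bit copy). Illustrative subset, not an exhaustive list.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsm.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
}

# Running Processes section: a path, optionally followed by "-k <group>" arguments.
PROCESS_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s+-.*)?$", re.IGNORECASE)
# "Created Last 30" / Find3M sections: timestamp, size, attribute flags, path.
CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$"
)
# Malwarebytes 1.x IP-block notification, in the wording the poster quoted.
BLOCK_ALERT = re.compile(
    r"blocked access to a potentially malicious website:\s*(?P<ip>[\d.]+)"
    r".*?Type:\s*(?P<direction>\w+).*?Port:\s*(?P<port>\d+)"
    r".*?Process\W+(?P<process>\S+\.exe)",
    re.IGNORECASE,
)

# Constructed sample lines in DDS format; the misplaced svchost.exe mirrors
# the "Created Last 30" entry in the posted log.
SAMPLE_LOG = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
-netsvcs
2012-07-17 20:37:53 20480 ----a-w- C:\Windows\svchost.exe
2012-07-17 00:32:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""
# Constructed alert; 203.0.113.10 is a documentation-range address.
SAMPLE_ALERT = ("Successfully blocked access to a potentially malicious website: "
                "203.0.113.10 | Type: outgoing | Port: 59873, Process: svchost.exe")


def extract_paths(log_text):
    """Return every path found on process-list and file-creation lines."""
    paths = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROCESS_LINE.match(line) or CREATED_LINE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def misplaced_binaries(paths):
    """Return (path, expected_dirs) for known binaries found outside their home."""
    findings = []
    for p in paths:
        wp = PureWindowsPath(p)
        expected = EXPECTED_DIRS.get(wp.name.lower())
        if expected and str(wp.parent).lower() not in expected:
            findings.append((p, sorted(expected)))
    return findings


def parse_block_alert(text):
    """Pull IP, direction, port and process name out of the block notification."""
    m = BLOCK_ALERT.search(text)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "direction": m.group("direction").lower(),
        "port": int(m.group("port")),
        "process": m.group("process").lower(),
    }


def correlate(alert, findings):
    """Misplaced binaries whose file name matches the process named in the alert."""
    if not alert:
        return []
    return [f for f in findings if PureWindowsPath(f[0]).name.lower() == alert["process"]]


if __name__ == "__main__":
    alert = parse_block_alert(SAMPLE_ALERT)
    found = misplaced_binaries(extract_paths(SAMPLE_LOG))
    for path, expected in found:
        print(f"review: {path} (expected under {', '.join(expected)})")
    for path, _ in correlate(alert, found):
        print(f"alert process {alert['process']} has a copy at {path}")
```

A hit here only means the file deserves a closer look (hash, signature, first-seen time); a legitimately placed svchost.exe can still be abused by an injected DLL or a hostile service entry.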


#2
Maniac

    Forum Deity

  • Experts
  • 17,088 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello Getsugakure, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
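As an added example (not part of this thread, and not TDSSKiller's own code): a small Python script that reads a TDSSKiller log of the kind Step 1 asks for, confirms from the "Mode:" line that the Verify Driver Digital Signature (SigCheck) and Detect TDLFS options were actually ticked, and lists every service or driver whose final status is not "ok", plus entries that have a status line but no "name (md5) path" line. The sample log text is constructed, modelled on the format of the log posted later in this thread; the regex line shapes are assumptions drawn from that format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the TDSSKiller log format seen in this thread
# (timestamp, thread id, then either a "name (md5) path" line or a status line).
SAMPLE_LOG = r"""
08:04:15.0361 2824 ============================================================
08:04:15.0361 2824 Scan started
08:04:15.0361 2824 Mode: Manual; SigCheck; TDLFS;
08:04:15.0361 2824 ============================================================
08:04:15.0517 2824 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:04:15.0563 2824 1394ohci - ok
08:04:16.0905 2824 Bigfoot Networks Killer Service (6be709db43808f4d3e43621c8f4c764a) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
08:04:16.0905 2824 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning
08:04:16.0905 2824 Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1)
08:04:17.0279 2824 catchme - ok
08:04:18.0902 2824 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:04:18.0902 2824 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:04:18.0902 2824 IDriverT - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with "HH:MM:SS.mmmm <thread id> ". Service names may contain
# spaces, so the name is matched non-greedily up to the "(md5)" or " - " after it.
# These shapes are assumptions based on the log format, not a published grammar.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
MODE_RE = re.compile(_PREFIX + r"Mode: (?P<mode>.+)$")
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"      # "ok", "warning" or "detected"
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Tuple[List[str], Dict[str, Entry]]:
    """Return the scan mode flags and one Entry per service/driver name."""
    modes: List[str] = []
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = MODE_RE.match(line)
        if m:
            modes = [t.strip() for t in m.group("mode").split(";") if t.strip()]
            continue
        for rx in (FILE_RE, WARN_RE, DETECT_RE, OK_RE):
            m = rx.match(line)
            if m:
                break
        else:
            continue  # banner, "Scan started", or other line we do not triage
        entry = entries.setdefault(m.group("name"), Entry(m.group("name")))
        if rx is FILE_RE:
            entry.md5, entry.path = m.group("md5").lower(), m.group("path")
        elif rx is WARN_RE:
            entry.status, entry.verdict = "warning", m.group("verdict")
        elif rx is DETECT_RE:
            # "detected" follows "warning" for the same name; the last status wins
            entry.status, entry.verdict = "detected", m.group("verdict")
        else:
            entry.status = "ok"
    return modes, entries


def triage(text: str) -> Dict[str, object]:
    """Summarise what a helper would look for first in the posted log."""
    modes, entries = parse_tdsskiller_log(text)
    return {
        "sigcheck": "SigCheck" in modes,   # Verify Driver Digital Signature was ticked
        "tdlfs": "TDLFS" in modes,         # Detect TDLFS file system was ticked
        "flagged": [(e.name, e.verdict, e.path) for e in entries.values() if e.status != "ok"],
        "no_file": [e.name for e in entries.values() if e.path is None],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two things the output makes visible: "UnsignedFile.Multi.Generic" says only that the file carries no valid digital signature, which is why the instructions above say to Skip such objects rather than Delete unless told otherwise, and a name with a status line but no file line (here catchme) is a service entry whose file path TDSSKiller did not report, which is worth a second look rather than a verdict in itself.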

#3
Getsugakure

    New Member

  • Members
  • 9 posts
Thanks for the speedy reply!

08:03:56.0937 11116 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
08:03:56.0968 11116 ============================================================
08:03:56.0968 11116 Current date / time: 2012/07/18 08:03:56.0968
08:03:56.0968 11116 SystemInfo:
08:03:56.0968 11116
08:03:56.0968 11116 OS Version: 6.1.7601 ServicePack: 1.0
08:03:56.0968 11116 Product type: Workstation
08:03:56.0968 11116 ComputerName: MIKE-PC
08:03:56.0968 11116 UserName: Mike
08:03:56.0968 11116 Windows directory: C:\Windows
08:03:56.0968 11116 System windows directory: C:\Windows
08:03:56.0968 11116 Running under WOW64
08:03:56.0968 11116 Processor architecture: Intel x64
08:03:56.0968 11116 Number of processors: 8
08:03:56.0968 11116 Page size: 0x1000
08:03:56.0968 11116 Boot type: Normal boot
08:03:56.0968 11116 ============================================================
08:03:57.0124 11116 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:03:57.0421 11116 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:03:57.0483 11116 Drive \Device\Harddisk2\DR4 - Size: 0x78748E00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:03:57.0483 11116 ============================================================
08:03:57.0483 11116 \Device\Harddisk0\DR0:
08:03:57.0483 11116 MBR partitions:
08:03:57.0483 11116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1378000
08:03:57.0483 11116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x138C000, BlocksNum 0x1C966000
08:03:57.0483 11116 \Device\Harddisk1\DR1:
08:03:57.0483 11116 MBR partitions:
08:03:57.0483 11116 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x57542000
08:03:57.0483 11116 \Device\Harddisk2\DR4:
08:03:57.0483 11116 MBR partitions:
08:03:57.0483 11116 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3C0E76
08:03:57.0483 11116 ============================================================
08:03:57.0483 11116 C: <-> \Device\Harddisk0\DR0\Partition1
08:03:57.0499 11116 D: <-> \Device\Harddisk1\DR1\Partition0
08:03:57.0499 11116 ============================================================
08:03:57.0499 11116 Initialize success
08:03:57.0499 11116 ============================================================
08:04:15.0361 2824 ============================================================
08:04:15.0361 2824 Scan started
08:04:15.0361 2824 Mode: Manual; SigCheck; TDLFS;
08:04:15.0361 2824 ============================================================
08:04:15.0517 2824 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:04:15.0563 2824 1394ohci - ok
08:04:15.0563 2824 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
08:04:15.0579 2824 Acceler - ok
08:04:15.0579 2824 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:04:15.0595 2824 ACPI - ok
08:04:15.0595 2824 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:04:15.0610 2824 AcpiPmi - ok
08:04:15.0626 2824 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:04:15.0641 2824 AdobeFlashPlayerUpdateSvc - ok
08:04:15.0657 2824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:04:15.0673 2824 adp94xx - ok
08:04:15.0673 2824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:04:15.0688 2824 adpahci - ok
08:04:15.0704 2824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:04:15.0704 2824 adpu320 - ok
08:04:15.0704 2824 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:04:15.0735 2824 AeLookupSvc - ok
08:04:15.0735 2824 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
08:04:15.0751 2824 AESTFilters - ok
08:04:15.0766 2824 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:04:15.0782 2824 AFD - ok
08:04:15.0782 2824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:04:15.0782 2824 agp440 - ok
08:04:15.0860 2824 Ak27x64 (3a6471dc6859ae05aa8bf63c10a95ec1) C:\Windows\system32\DRIVERS\Ak27x64.sys
08:04:15.0907 2824 Ak27x64 - ok
08:04:15.0922 2824 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:04:15.0922 2824 ALG - ok
08:04:15.0938 2824 AlienFusionService (73fd38c98996fa971bad46376610fa67) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
08:04:15.0938 2824 AlienFusionService - ok
08:04:15.0953 2824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:04:15.0953 2824 aliide - ok
08:04:15.0953 2824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:04:15.0969 2824 amdide - ok
08:04:15.0969 2824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:04:15.0969 2824 AmdK8 - ok
08:04:15.0985 2824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:04:15.0985 2824 AmdPPM - ok
08:04:15.0985 2824 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:04:16.0000 2824 amdsata - ok
08:04:16.0000 2824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:04:16.0016 2824 amdsbs - ok
08:04:16.0016 2824 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:04:16.0016 2824 amdxata - ok
08:04:16.0031 2824 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:04:16.0047 2824 AppID - ok
08:04:16.0047 2824 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:04:16.0078 2824 AppIDSvc - ok
08:04:16.0078 2824 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:04:16.0094 2824 Appinfo - ok
08:04:16.0109 2824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:04:16.0109 2824 arc - ok
08:04:16.0125 2824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:04:16.0125 2824 arcsas - ok
08:04:16.0141 2824 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:04:16.0141 2824 aspnet_state - ok
08:04:16.0141 2824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:04:16.0172 2824 AsyncMac - ok
08:04:16.0172 2824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:04:16.0172 2824 atapi - ok
08:04:16.0203 2824 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:04:16.0219 2824 AudioEndpointBuilder - ok
08:04:16.0234 2824 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:04:16.0250 2824 AudioSrv - ok
08:04:16.0250 2824 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
08:04:16.0265 2824 Avgfwfd - ok
08:04:16.0328 2824 avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
08:04:16.0359 2824 avgfws - ok
08:04:16.0499 2824 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
08:04:16.0546 2824 AVGIDSAgent - ok
08:04:16.0577 2824 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
08:04:16.0593 2824 AVGIDSDriver - ok
08:04:16.0593 2824 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
08:04:16.0609 2824 AVGIDSFilter - ok
08:04:16.0609 2824 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
08:04:16.0624 2824 AVGIDSHA - ok
08:04:16.0624 2824 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
08:04:16.0640 2824 Avgldx64 - ok
08:04:16.0640 2824 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
08:04:16.0655 2824 Avgmfx64 - ok
08:04:16.0655 2824 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
08:04:16.0671 2824 Avgrkx64 - ok
08:04:16.0671 2824 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
08:04:16.0687 2824 Avgtdia - ok
08:04:16.0702 2824 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
08:04:16.0718 2824 avgwd - ok
08:04:16.0718 2824 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:04:16.0733 2824 AxInstSV - ok
08:04:16.0749 2824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:04:16.0765 2824 b06bdrv - ok
08:04:16.0765 2824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:04:16.0780 2824 b57nd60a - ok
08:04:16.0780 2824 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:04:16.0796 2824 BDESVC - ok
08:04:16.0796 2824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:04:16.0827 2824 Beep - ok
08:04:16.0843 2824 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:04:16.0874 2824 BFE - ok
08:04:16.0874 2824 BfLwf (be24e62bed109ca1a53b8d8d380df02a) C:\Windows\system32\DRIVERS\bflwfx64.sys
08:04:16.0889 2824 BfLwf - ok
08:04:16.0905 2824 Bigfoot Networks Killer Service (6be709db43808f4d3e43621c8f4c764a) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
08:04:16.0905 2824 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning
08:04:16.0905 2824 Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1)
08:04:16.0936 2824 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:04:16.0967 2824 BITS - ok
08:04:16.0967 2824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:04:16.0967 2824 blbdrive - ok
08:04:16.0983 2824 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:04:16.0983 2824 bowser - ok
08:04:16.0983 2824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:04:16.0999 2824 BrFiltLo - ok
08:04:16.0999 2824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:04:17.0014 2824 BrFiltUp - ok
08:04:17.0014 2824 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:04:17.0030 2824 BridgeMP - ok
08:04:17.0045 2824 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:04:17.0061 2824 Browser - ok
08:04:17.0077 2824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:04:17.0092 2824 Brserid - ok
08:04:17.0092 2824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:04:17.0092 2824 BrSerWdm - ok
08:04:17.0092 2824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:04:17.0108 2824 BrUsbMdm - ok
08:04:17.0108 2824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:04:17.0123 2824 BrUsbSer - ok
08:04:17.0123 2824 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
08:04:17.0123 2824 BthEnum - ok
08:04:17.0139 2824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:04:17.0139 2824 BTHMODEM - ok
08:04:17.0155 2824 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:04:17.0155 2824 BthPan - ok
08:04:17.0170 2824 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
08:04:17.0186 2824 BTHPORT - ok
08:04:17.0186 2824 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:04:17.0217 2824 bthserv - ok
08:04:17.0217 2824 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
08:04:17.0217 2824 BTHUSB - ok
08:04:17.0233 2824 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
08:04:17.0248 2824 btwampfl - ok
08:04:17.0248 2824 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
08:04:17.0264 2824 btwavdt - ok
08:04:17.0264 2824 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\drivers\btwrchid.sys
08:04:17.0279 2824 btwrchid - ok
08:04:17.0279 2824 catchme - ok
08:04:17.0279 2824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:04:17.0311 2824 cdfs - ok
08:04:17.0311 2824 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:04:17.0326 2824 cdrom - ok
08:04:17.0326 2824 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:04:17.0373 2824 CertPropSvc - ok
08:04:17.0389 2824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:04:17.0389 2824 circlass - ok
08:04:17.0404 2824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:04:17.0420 2824 CLFS - ok
08:04:17.0420 2824 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:04:17.0435 2824 clr_optimization_v2.0.50727_32 - ok
08:04:17.0435 2824 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:04:17.0435 2824 clr_optimization_v2.0.50727_64 - ok
08:04:17.0451 2824 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:04:17.0451 2824 clr_optimization_v4.0.30319_32 - ok
08:04:17.0467 2824 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:04:17.0467 2824 clr_optimization_v4.0.30319_64 - ok
08:04:17.0482 2824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:04:17.0482 2824 CmBatt - ok
08:04:17.0482 2824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:04:17.0498 2824 cmdide - ok
08:04:17.0513 2824 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:04:17.0529 2824 CNG - ok
08:04:17.0529 2824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:04:17.0529 2824 Compbatt - ok
08:04:17.0529 2824 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:04:17.0545 2824 CompositeBus - ok
08:04:17.0545 2824 COMSysApp - ok
08:04:17.0545 2824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:04:17.0560 2824 crcdisk - ok
08:04:17.0560 2824 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:04:17.0576 2824 CryptSvc - ok
08:04:17.0576 2824 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
08:04:17.0591 2824 CtClsFlt - ok
08:04:17.0607 2824 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:04:17.0623 2824 DcomLaunch - ok
08:04:17.0654 2824 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:04:17.0669 2824 defragsvc - ok
08:04:17.0685 2824 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:04:17.0701 2824 DfsC - ok
08:04:17.0716 2824 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:04:17.0732 2824 Dhcp - ok
08:04:17.0732 2824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:04:17.0763 2824 discache - ok
08:04:17.0763 2824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:04:17.0779 2824 Disk - ok
08:04:17.0779 2824 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:04:17.0794 2824 Dnscache - ok
08:04:17.0794 2824 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:04:17.0825 2824 dot3svc - ok
08:04:17.0825 2824 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:04:17.0841 2824 DPS - ok
08:04:17.0857 2824 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:04:17.0857 2824 drmkaud - ok
08:04:17.0888 2824 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:04:17.0903 2824 DXGKrnl - ok
08:04:17.0903 2824 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:04:17.0935 2824 EapHost - ok
08:04:18.0013 2824 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:04:18.0059 2824 ebdrv - ok
08:04:18.0075 2824 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:04:18.0075 2824 EFS - ok
08:04:18.0106 2824 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:04:18.0122 2824 ehRecvr - ok
08:04:18.0122 2824 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:04:18.0137 2824 ehSched - ok
08:04:18.0153 2824 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:04:18.0169 2824 elxstor - ok
08:04:18.0169 2824 EMSC (e47d9d7e6e53892fc97282482f4ae307) C:\Windows\system32\DRIVERS\EMSC.SYS
08:04:18.0169 2824 EMSC - ok
08:04:18.0169 2824 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:04:18.0184 2824 ErrDev - ok
08:04:18.0200 2824 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:04:18.0215 2824 EventSystem - ok
08:04:18.0231 2824 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:04:18.0247 2824 exfat - ok
08:04:18.0262 2824 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:04:18.0278 2824 fastfat - ok
08:04:18.0309 2824 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:04:18.0309 2824 Fax - ok
08:04:18.0325 2824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:04:18.0325 2824 fdc - ok
08:04:18.0325 2824 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:04:18.0356 2824 fdPHost - ok
08:04:18.0356 2824 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:04:18.0371 2824 FDResPub - ok
08:04:18.0387 2824 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:04:18.0387 2824 FileInfo - ok
08:04:18.0387 2824 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:04:18.0418 2824 Filetrace - ok
08:04:18.0418 2824 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:04:18.0418 2824 flpydisk - ok
08:04:18.0434 2824 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:04:18.0434 2824 FltMgr - ok
08:04:18.0465 2824 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:04:18.0496 2824 FontCache - ok
08:04:18.0496 2824 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:04:18.0496 2824 FontCache3.0.0.0 - ok
08:04:18.0512 2824 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:04:18.0512 2824 FsDepends - ok
08:04:18.0512 2824 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:04:18.0527 2824 Fs_Rec - ok
08:04:18.0527 2824 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:04:18.0543 2824 fvevol - ok
08:04:18.0543 2824 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:04:18.0543 2824 gagp30kx - ok
08:04:18.0574 2824 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:04:18.0605 2824 gpsvc - ok
08:04:18.0605 2824 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:04:18.0605 2824 hcw85cir - ok
08:04:18.0621 2824 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:04:18.0621 2824 HDAudBus - ok
08:04:18.0621 2824 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:04:18.0637 2824 HidBatt - ok
08:04:18.0637 2824 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:04:18.0652 2824 HidBth - ok
08:04:18.0652 2824 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:04:18.0668 2824 HidIr - ok
08:04:18.0668 2824 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:04:18.0683 2824 hidserv - ok
08:04:18.0699 2824 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:04:18.0699 2824 HidUsb - ok
08:04:18.0699 2824 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:04:18.0730 2824 hkmsvc - ok
08:04:18.0730 2824 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:04:18.0746 2824 HomeGroupListener - ok
08:04:18.0761 2824 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:04:18.0761 2824 HomeGroupProvider - ok
08:04:18.0761 2824 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:04:18.0777 2824 HpSAMD - ok
08:04:18.0793 2824 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:04:18.0824 2824 HTTP - ok
08:04:18.0824 2824 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:04:18.0824 2824 hwpolicy - ok
08:04:18.0839 2824 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:04:18.0839 2824 i8042prt - ok
08:04:18.0855 2824 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
08:04:18.0871 2824 iaStor - ok
08:04:18.0871 2824 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
08:04:18.0886 2824 IAStorDataMgrSvc - ok
08:04:18.0886 2824 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:04:18.0902 2824 iaStorV - ok
08:04:18.0902 2824 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:04:18.0902 2824 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:04:18.0902 2824 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:04:18.0933 2824 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:04:18.0949 2824 idsvc - ok
08:04:19.0261 2824 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:04:19.0385 2824 igfx - ok
08:04:19.0401 2824 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:04:19.0401 2824 iirsp - ok
08:04:19.0432 2824 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:04:19.0463 2824 IKEEXT - ok
08:04:19.0463 2824 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
08:04:19.0479 2824 Impcd - ok
08:04:19.0479 2824 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:04:19.0495 2824 IntcDAud - ok
08:04:19.0495 2824 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:04:19.0495 2824 intelide - ok
08:04:19.0510 2824 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:04:19.0510 2824 intelppm - ok
08:04:19.0510 2824 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:04:19.0541 2824 IPBusEnum - ok
08:04:19.0541 2824 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:04:19.0557 2824 IpFilterDriver - ok
08:04:19.0573 2824 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:04:19.0604 2824 iphlpsvc - ok
08:04:19.0604 2824 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:04:19.0619 2824 IPMIDRV - ok
08:04:19.0619 2824 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:04:19.0651 2824 IPNAT - ok
08:04:19.0651 2824 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:04:19.0666 2824 IRENUM - ok
08:04:19.0666 2824 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:04:19.0666 2824 isapnp - ok
08:04:19.0682 2824 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:04:19.0682 2824 iScsiPrt - ok
08:04:19.0697 2824 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:04:19.0697 2824 kbdclass - ok
08:04:19.0697 2824 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:04:19.0713 2824 kbdhid - ok
08:04:19.0713 2824 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:19.0713 2824 KeyIso - ok
08:04:19.0729 2824 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
08:04:19.0729 2824 KSecDD - ok
08:04:19.0744 2824 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
08:04:19.0744 2824 KSecPkg - ok
08:04:19.0744 2824 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:04:19.0775 2824 ksthunk - ok
08:04:19.0791 2824 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:04:19.0807 2824 KtmRm - ok
08:04:19.0822 2824 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:04:19.0822 2824 L1C - ok
08:04:19.0838 2824 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:04:19.0853 2824 LanmanServer - ok
08:04:19.0869 2824 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:04:19.0885 2824 LanmanWorkstation - ok
08:04:19.0885 2824 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:04:19.0916 2824 lltdio - ok
08:04:19.0931 2824 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:04:19.0947 2824 lltdsvc - ok
08:04:19.0947 2824 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:04:19.0978 2824 lmhosts - ok
08:04:19.0978 2824 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:04:19.0994 2824 LSI_FC - ok
08:04:19.0994 2824 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:04:19.0994 2824 LSI_SAS - ok
08:04:20.0009 2824 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:04:20.0009 2824 LSI_SAS2 - ok
08:04:20.0009 2824 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:04:20.0025 2824 LSI_SCSI - ok
08:04:20.0025 2824 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:04:20.0056 2824 luafv - ok
08:04:20.0056 2824 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
08:04:20.0072 2824 MBAMProtector - ok
08:04:20.0087 2824 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:04:20.0103 2824 MBAMService - ok
08:04:20.0103 2824 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:04:20.0119 2824 Mcx2Svc - ok
08:04:20.0119 2824 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:04:20.0119 2824 megasas - ok
08:04:20.0134 2824 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:04:20.0134 2824 MegaSR - ok
08:04:20.0150 2824 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
08:04:20.0150 2824 MEIx64 - ok
08:04:20.0165 2824 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:04:20.0181 2824 MMCSS - ok
08:04:20.0181 2824 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:04:20.0212 2824 Modem - ok
08:04:20.0212 2824 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:04:20.0212 2824 monitor - ok
08:04:20.0228 2824 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:04:20.0228 2824 mouclass - ok
08:04:20.0228 2824 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:04:20.0243 2824 mouhid - ok
08:04:20.0243 2824 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:04:20.0259 2824 mountmgr - ok
08:04:20.0259 2824 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:04:20.0259 2824 MozillaMaintenance - ok
08:04:20.0275 2824 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:04:20.0275 2824 mpio - ok
08:04:20.0290 2824 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:04:20.0306 2824 mpsdrv - ok
08:04:20.0321 2824 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:04:20.0353 2824 MpsSvc - ok
08:04:20.0368 2824 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:04:20.0368 2824 MRxDAV - ok
08:04:20.0384 2824 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:04:20.0384 2824 mrxsmb - ok
08:04:20.0399 2824 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:04:20.0399 2824 mrxsmb10 - ok
08:04:20.0415 2824 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:04:20.0415 2824 mrxsmb20 - ok
08:04:20.0415 2824 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:04:20.0431 2824 msahci - ok
08:04:20.0431 2824 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:04:20.0431 2824 msdsm - ok
08:04:20.0446 2824 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:04:20.0446 2824 MSDTC - ok
08:04:20.0462 2824 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:04:20.0477 2824 Msfs - ok
08:04:20.0477 2824 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:04:20.0509 2824 mshidkmdf - ok
08:04:20.0509 2824 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:04:20.0509 2824 msisadrv - ok
08:04:20.0524 2824 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:04:20.0540 2824 MSiSCSI - ok
08:04:20.0540 2824 msiserver - ok
08:04:20.0540 2824 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:04:20.0571 2824 MSKSSRV - ok
08:04:20.0571 2824 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:04:20.0587 2824 MSPCLOCK - ok
08:04:20.0602 2824 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:04:20.0618 2824 MSPQM - ok
08:04:20.0633 2824 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:04:20.0633 2824 MsRPC - ok
08:04:20.0649 2824 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:04:20.0649 2824 mssmbios - ok
08:04:20.0649 2824 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:04:20.0680 2824 MSTEE - ok
08:04:20.0680 2824 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:04:20.0680 2824 MTConfig - ok
08:04:20.0680 2824 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:04:20.0696 2824 Mup - ok
08:04:20.0711 2824 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:04:20.0727 2824 napagent - ok
08:04:20.0743 2824 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:04:20.0758 2824 NativeWifiP - ok
08:04:20.0789 2824 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
08:04:20.0805 2824 NDIS - ok
08:04:20.0805 2824 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:04:20.0821 2824 NdisCap - ok
08:04:20.0821 2824 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:04:20.0852 2824 NdisTapi - ok
08:04:20.0852 2824 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:04:20.0867 2824 Ndisuio - ok
08:04:20.0883 2824 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:04:20.0899 2824 NdisWan - ok
08:04:20.0899 2824 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:04:20.0930 2824 NDProxy - ok
08:04:20.0930 2824 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:04:20.0961 2824 NetBIOS - ok
08:04:20.0961 2824 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:04:20.0992 2824 NetBT - ok
08:04:20.0992 2824 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:20.0992 2824 Netlogon - ok
08:04:21.0008 2824 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:04:21.0039 2824 Netman - ok
08:04:21.0039 2824 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:21.0055 2824 NetMsmqActivator - ok
08:04:21.0055 2824 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:21.0055 2824 NetPipeActivator - ok
08:04:21.0070 2824 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:04:21.0101 2824 netprofm - ok
08:04:21.0101 2824 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:21.0101 2824 NetTcpActivator - ok
08:04:21.0101 2824 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:21.0117 2824 NetTcpPortSharing - ok
08:04:21.0117 2824 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:04:21.0117 2824 nfrd960 - ok
08:04:21.0133 2824 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:04:21.0164 2824 NlaSvc - ok
08:04:21.0164 2824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:04:21.0179 2824 Npfs - ok
08:04:21.0179 2824 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:04:21.0211 2824 nsi - ok
08:04:21.0211 2824 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:04:21.0226 2824 nsiproxy - ok
08:04:21.0289 2824 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:04:21.0320 2824 Ntfs - ok
08:04:21.0335 2824 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:04:21.0367 2824 Null - ok
08:04:21.0367 2824 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
08:04:21.0367 2824 nusb3hub - ok
08:04:21.0382 2824 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:04:21.0382 2824 nusb3xhc - ok
08:04:21.0741 2824 nvlddmkm (a36c4ce37da2e80db2de20f604d3f417) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:04:21.0866 2824 nvlddmkm - ok
08:04:21.0897 2824 nvpciflt (a618b3d198611c1bcaa9e0f44aa65cb3) C:\Windows\system32\DRIVERS\nvpciflt.sys
08:04:21.0897 2824 nvpciflt - ok
08:04:21.0913 2824 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:04:21.0913 2824 nvraid - ok
08:04:21.0928 2824 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:04:21.0928 2824 nvstor - ok
08:04:21.0959 2824 NVSvc (540d760b87a2638f2f1e614e78acc08a) C:\Windows\system32\nvvsvc.exe
08:04:21.0975 2824 NVSvc - ok
08:04:22.0037 2824 nvUpdatusService (1bfc0ef8b25eeb49d924e444a4299193) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:04:22.0053 2824 nvUpdatusService - ok
08:04:22.0084 2824 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:04:22.0084 2824 nv_agp - ok
08:04:22.0100 2824 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:04:22.0100 2824 ohci1394 - ok
08:04:22.0115 2824 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:04:22.0131 2824 p2pimsvc - ok
08:04:22.0131 2824 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:04:22.0147 2824 p2psvc - ok
08:04:22.0147 2824 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:04:22.0162 2824 Parport - ok
08:04:22.0162 2824 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:04:22.0178 2824 partmgr - ok
08:04:22.0178 2824 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:04:22.0193 2824 PcaSvc - ok
08:04:22.0193 2824 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:04:22.0209 2824 pci - ok
08:04:22.0209 2824 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:04:22.0209 2824 pciide - ok
08:04:22.0225 2824 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:04:22.0240 2824 pcmcia - ok
08:04:22.0240 2824 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:04:22.0240 2824 pcw - ok
08:04:22.0256 2824 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:04:22.0287 2824 PEAUTH - ok
08:04:22.0303 2824 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:04:22.0318 2824 PerfHost - ok
08:04:22.0349 2824 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:04:22.0396 2824 pla - ok
08:04:22.0396 2824 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:04:22.0412 2824 PlugPlay - ok
08:04:22.0412 2824 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:04:22.0427 2824 PNRPAutoReg - ok
08:04:22.0427 2824 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:04:22.0443 2824 PNRPsvc - ok
08:04:22.0459 2824 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:04:22.0490 2824 PolicyAgent - ok
08:04:22.0490 2824 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
08:04:22.0505 2824 Power - ok
08:04:22.0505 2824 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:04:22.0537 2824 PptpMiniport - ok
08:04:22.0537 2824 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:04:22.0552 2824 Processor - ok
08:04:22.0552 2824 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:04:22.0568 2824 ProfSvc - ok
08:04:22.0568 2824 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:22.0568 2824 ProtectedStorage - ok
08:04:22.0583 2824 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:04:22.0599 2824 Psched - ok
08:04:22.0599 2824 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:04:22.0615 2824 PxHlpa64 - ok
08:04:22.0661 2824 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:04:22.0677 2824 ql2300 - ok
08:04:22.0708 2824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:04:22.0708 2824 ql40xx - ok
08:04:22.0724 2824 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:04:22.0739 2824 QWAVE - ok
08:04:22.0739 2824 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:04:22.0755 2824 QWAVEdrv - ok
08:04:22.0755 2824 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:04:22.0771 2824 RasAcd - ok
08:04:22.0786 2824 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:04:22.0802 2824 RasAgileVpn - ok
08:04:22.0802 2824 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:04:22.0833 2824 RasAuto - ok
08:04:22.0833 2824 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:04:22.0864 2824 Rasl2tp - ok
08:04:22.0864 2824 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:04:22.0895 2824 RasMan - ok
08:04:22.0895 2824 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:04:22.0927 2824 RasPppoe - ok
08:04:22.0927 2824 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:04:22.0942 2824 RasSstp - ok
08:04:22.0958 2824 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:04:22.0989 2824 rdbss - ok
08:04:22.0989 2824 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:04:22.0989 2824 rdpbus - ok
08:04:22.0989 2824 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:04:23.0020 2824 RDPCDD - ok
08:04:23.0020 2824 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:04:23.0051 2824 RDPENCDD - ok
08:04:23.0051 2824 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:04:23.0067 2824 RDPREFMP - ok
08:04:23.0083 2824 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:04:23.0083 2824 RDPWD - ok
08:04:23.0098 2824 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:04:23.0098 2824 rdyboost - ok
08:04:23.0098 2824 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:04:23.0129 2824 RemoteAccess - ok
08:04:23.0129 2824 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:04:23.0161 2824 RemoteRegistry - ok
08:04:23.0161 2824 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:04:23.0176 2824 RFCOMM - ok
08:04:23.0176 2824 rkhdrv40 - ok
08:04:23.0223 2824 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
08:04:23.0239 2824 RoxMediaDB12OEM - ok
08:04:23.0254 2824 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
08:04:23.0254 2824 RoxWatch12 - ok
08:04:23.0285 2824 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:04:23.0301 2824 RpcEptMapper - ok
08:04:23.0301 2824 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:04:23.0317 2824 RpcLocator - ok
08:04:23.0332 2824 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:04:23.0348 2824 RpcSs - ok
08:04:23.0363 2824 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
08:04:23.0379 2824 RSPCIESTOR - ok
08:04:23.0379 2824 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:04:23.0410 2824 rspndr - ok
08:04:23.0410 2824 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:23.0410 2824 SamSs - ok
08:04:23.0426 2824 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:04:23.0426 2824 sbp2port - ok
08:04:23.0441 2824 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:04:23.0457 2824 SCardSvr - ok
08:04:23.0473 2824 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:04:23.0488 2824 scfilter - ok
08:04:23.0504 2824 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:04:23.0535 2824 Schedule - ok
08:04:23.0551 2824 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:04:23.0566 2824 SCPolicySvc - ok
08:04:23.0566 2824 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:04:23.0582 2824 sdbus - ok
08:04:23.0582 2824 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:04:23.0597 2824 SDRSVC - ok
08:04:23.0597 2824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:04:23.0629 2824 secdrv - ok
08:04:23.0629 2824 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:04:23.0644 2824 seclogon - ok
08:04:23.0660 2824 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:04:23.0675 2824 SENS - ok
08:04:23.0675 2824 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:04:23.0691 2824 SensrSvc - ok
08:04:23.0691 2824 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:04:23.0691 2824 Serenum - ok
08:04:23.0707 2824 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:04:23.0707 2824 Serial - ok
08:04:23.0707 2824 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:04:23.0722 2824 sermouse - ok
08:04:23.0722 2824 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:04:23.0753 2824 SessionEnv - ok
08:04:23.0753 2824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:04:23.0769 2824 sffdisk - ok
08:04:23.0769 2824 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:04:23.0769 2824 sffp_mmc - ok
08:04:23.0785 2824 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:04:23.0785 2824 sffp_sd - ok
08:04:23.0785 2824 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:04:23.0800 2824 sfloppy - ok
08:04:23.0847 2824 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
08:04:23.0863 2824 SftService - ok
08:04:23.0909 2824 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:04:23.0941 2824 SharedAccess - ok
08:04:23.0941 2824 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:04:23.0972 2824 ShellHWDetection - ok
08:04:23.0972 2824 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:04:23.0987 2824 SiSRaid2 - ok
08:04:23.0987 2824 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:04:23.0987 2824 SiSRaid4 - ok
08:04:24.0003 2824 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:04:24.0019 2824 Smb - ok
08:04:24.0034 2824 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:04:24.0034 2824 SNMPTRAP - ok
08:04:24.0034 2824 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:04:24.0050 2824 spldr - ok
08:04:24.0065 2824 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:04:24.0097 2824 Spooler - ok
08:04:24.0175 2824 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:04:24.0237 2824 sppsvc - ok
08:04:24.0253 2824 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:04:24.0284 2824 sppuinotify - ok
08:04:24.0299 2824 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:04:24.0315 2824 srv - ok
08:04:24.0331 2824 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:04:24.0331 2824 srv2 - ok
08:04:24.0346 2824 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:04:24.0346 2824 srvnet - ok
08:04:24.0362 2824 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:04:24.0377 2824 SSDPSRV - ok
08:04:24.0377 2824 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:04:24.0409 2824 SstpSvc - ok
08:04:24.0424 2824 STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe
08:04:24.0424 2824 STacSV - ok
08:04:24.0424 2824 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
08:04:24.0440 2824 stdcfltn - ok
08:04:24.0440 2824 Steam Client Service - ok
08:04:24.0455 2824 Stereo Service (f52e2b5b8df49efbcedb54f698845ec0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:04:24.0471 2824 Stereo Service - ok
08:04:24.0471 2824 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:04:24.0487 2824 stexstor - ok
08:04:24.0502 2824 STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
08:04:24.0502 2824 STHDA - ok
08:04:24.0533 2824 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:04:24.0533 2824 stisvc - ok
08:04:24.0549 2824 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:04:24.0549 2824 stllssvr - ok
08:04:24.0549 2824 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:04:24.0565 2824 swenum - ok
08:04:24.0580 2824 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:04:24.0611 2824 swprv - ok
08:04:24.0643 2824 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
08:04:24.0674 2824 SynTP - ok
08:04:24.0736 2824 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:04:24.0767 2824 SysMain - ok
08:04:24.0783 2824 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:04:24.0799 2824 TabletInputService - ok
08:04:24.0814 2824 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:04:24.0830 2824 TapiSrv - ok
08:04:24.0830 2824 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:04:24.0861 2824 TBS - ok
08:04:24.0908 2824 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:04:24.0939 2824 Tcpip - ok
08:04:25.0017 2824 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:04:25.0033 2824 TCPIP6 - ok
08:04:25.0064 2824 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:04:25.0079 2824 tcpipreg - ok
08:04:25.0079 2824 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:04:25.0095 2824 TDPIPE - ok
08:04:25.0095 2824 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:04:25.0095 2824 TDTCP - ok
08:04:25.0111 2824 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:04:25.0126 2824 tdx - ok
08:04:25.0126 2824 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:04:25.0142 2824 TermDD - ok
08:04:25.0157 2824 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:04:25.0189 2824 TermService - ok
08:04:25.0189 2824 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:04:25.0204 2824 Themes - ok
08:04:25.0204 2824 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:04:25.0235 2824 THREADORDER - ok
08:04:25.0235 2824 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:04:25.0267 2824 TrkWks - ok
08:04:25.0267 2824 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:04:25.0298 2824 TrustedInstaller - ok
08:04:25.0298 2824 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:04:25.0313 2824 tssecsrv - ok
08:04:25.0329 2824 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:04:25.0329 2824 TsUsbFlt - ok
08:04:25.0329 2824 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:04:25.0345 2824 TsUsbGD - ok
08:04:25.0345 2824 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:04:25.0376 2824 tunnel - ok
08:04:25.0376 2824 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:04:25.0376 2824 uagp35 - ok
08:04:25.0407 2824 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:04:25.0423 2824 udfs - ok
08:04:25.0438 2824 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:04:25.0438 2824 UI0Detect - ok
08:04:25.0438 2824 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:04:25.0454 2824 uliagpkx - ok
08:04:25.0454 2824 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:04:25.0469 2824 umbus - ok
08:04:25.0469 2824 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:04:25.0469 2824 UmPass - ok
08:04:25.0485 2824 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:04:25.0516 2824 upnphost - ok
08:04:25.0516 2824 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
08:04:25.0516 2824 usbccgp - ok
08:04:25.0532 2824 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:04:25.0532 2824 usbcir - ok
08:04:25.0547 2824 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:04:25.0547 2824 usbehci - ok
08:04:25.0563 2824 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:04:25.0579 2824 usbhub - ok
08:04:25.0579 2824 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:04:25.0579 2824 usbohci - ok
08:04:25.0594 2824 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:04:25.0594 2824 usbprint - ok
08:04:25.0610 2824 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:04:25.0610 2824 USBSTOR - ok
08:04:25.0610 2824 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:04:25.0625 2824 usbuhci - ok
08:04:25.0625 2824 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:04:25.0641 2824 usbvideo - ok
08:04:25.0641 2824 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:04:25.0672 2824 UxSms - ok
08:04:25.0672 2824 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:04:25.0672 2824 VaultSvc - ok
08:04:25.0688 2824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:04:25.0688 2824 vdrvroot - ok
08:04:25.0703 2824 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:04:25.0735 2824 vds - ok
08:04:25.0735 2824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:04:25.0750 2824 vga - ok
08:04:25.0750 2824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:04:25.0766 2824 VgaSave - ok
08:04:25.0781 2824 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:04:25.0781 2824 vhdmp - ok
08:04:25.0797 2824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:04:25.0797 2824 viaide - ok
08:04:25.0797 2824 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:04:25.0813 2824 volmgr - ok
08:04:25.0828 2824 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:04:25.0828 2824 volmgrx - ok
08:04:25.0844 2824 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:04:25.0844 2824 volsnap - ok
08:04:25.0859 2824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:04:25.0859 2824 vsmraid - ok
08:04:25.0906 2824 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:04:25.0953 2824 VSS - ok
08:04:25.0984 2824 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
08:04:26.0000 2824 vToolbarUpdater11.2.0 - ok
08:04:26.0015 2824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:04:26.0031 2824 vwifibus - ok
08:04:26.0031 2824 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:04:26.0047 2824 vwififlt - ok
08:04:26.0047 2824 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:04:26.0078 2824 W32Time - ok
08:04:26.0078 2824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:04:26.0093 2824 WacomPen - ok
08:04:26.0093 2824 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:04:26.0109 2824 WANARP - ok
08:04:26.0125 2824 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:04:26.0140 2824 Wanarpv6 - ok
08:04:26.0171 2824 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:04:26.0203 2824 WatAdminSvc - ok
08:04:26.0234 2824 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:04:26.0265 2824 wbengine - ok
08:04:26.0281 2824 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:04:26.0296 2824 WbioSrvc - ok
08:04:26.0312 2824 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:04:26.0327 2824 wcncsvc - ok
08:04:26.0327 2824 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:04:26.0327 2824 WcsPlugInService - ok
08:04:26.0343 2824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:04:26.0343 2824 Wd - ok
08:04:26.0359 2824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:04:26.0374 2824 Wdf01000 - ok
08:04:26.0390 2824 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:04:26.0390 2824 WdiServiceHost - ok
08:04:26.0390 2824 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:04:26.0405 2824 WdiSystemHost - ok
08:04:26.0421 2824 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:04:26.0437 2824 WebClient - ok
08:04:26.0437 2824 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:04:26.0468 2824 Wecsvc - ok
08:04:26.0468 2824 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:04:26.0483 2824 wercplsupport - ok
08:04:26.0499 2824 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:04:26.0515 2824 WerSvc - ok
08:04:26.0530 2824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:04:26.0546 2824 WfpLwf - ok
08:04:26.0561 2824 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:04:26.0561 2824 WimFltr - ok
08:04:26.0561 2824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:04:26.0577 2824 WIMMount - ok
08:04:26.0577 2824 WinDefend - ok
08:04:26.0577 2824 WinHttpAutoProxySvc - ok
08:04:26.0593 2824 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:04:26.0608 2824 Winmgmt - ok
08:04:26.0671 2824 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:04:26.0717 2824 WinRM - ok
08:04:26.0749 2824 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:04:26.0749 2824 WinUsb - ok
08:04:26.0780 2824 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:04:26.0795 2824 Wlansvc - ok
08:04:26.0873 2824 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:04:26.0889 2824 wlidsvc - ok
08:04:26.0920 2824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:04:26.0920 2824 WmiAcpi - ok
08:04:26.0936 2824 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:04:26.0951 2824 wmiApSrv - ok
08:04:26.0951 2824 WMPNetworkSvc - ok
08:04:26.0951 2824 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:04:26.0967 2824 WPCSvc - ok
08:04:26.0967 2824 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:04:26.0983 2824 WPDBusEnum - ok
08:04:26.0983 2824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:04:26.0998 2824 ws2ifsl - ok
08:04:27.0014 2824 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:04:27.0014 2824 wscsvc - ok
08:04:27.0014 2824 WSearch - ok
08:04:27.0092 2824 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:04:27.0123 2824 wuauserv - ok
08:04:27.0154 2824 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:04:27.0170 2824 WudfPf - ok
08:04:27.0185 2824 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:27.0201 2824 WUDFRd - ok
08:04:27.0201 2824 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:04:27.0232 2824 wudfsvc - ok
08:04:27.0232 2824 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:04:27.0248 2824 WwanSvc - ok
08:04:27.0263 2824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:04:27.0263 2824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:04:27.0263 2824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:04:27.0295 2824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:04:27.0295 2824 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:04:27.0622 2824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
08:04:27.0841 2824 \Device\Harddisk1\DR1 - ok
08:04:27.0841 2824 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR4
08:04:30.0118 2824 \Device\Harddisk2\DR4 - ok
08:04:30.0118 2824 Boot (0x1200) (e3419eb8c50f42ea4f99814e7d867476) \Device\Harddisk0\DR0\Partition0
08:04:30.0118 2824 \Device\Harddisk0\DR0\Partition0 - ok
08:04:30.0118 2824 Boot (0x1200) (30d4a5491dc0796a2600e48e0f798374) \Device\Harddisk0\DR0\Partition1
08:04:30.0134 2824 \Device\Harddisk0\DR0\Partition1 - ok
08:04:30.0165 2824 Boot (0x1200) (2bd3842d5c7b2e0a669e3a6265342e08) \Device\Harddisk1\DR1\Partition0
08:04:30.0165 2824 \Device\Harddisk1\DR1\Partition0 - ok
08:04:30.0181 2824 Boot (0x1200) (f27ced69bffbeec7ebb30bfc88986791) \Device\Harddisk2\DR4\Partition0
08:04:30.0181 2824 \Device\Harddisk2\DR4\Partition0 - ok
08:04:30.0181 2824 ============================================================
08:04:30.0181 2824 Scan finished
08:04:30.0181 2824 ============================================================
08:04:30.0181 1776 Detected object count: 4
08:04:30.0181 1776 Actual detected object count: 4
08:05:07.0090 1776 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:05:07.0090 1776 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:05:07.0090 1776 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:05:07.0090 1776 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:05:07.0511 1776 \Device\Harddisk0\DR0\# - copied to quarantine
08:05:07.0511 1776 \Device\Harddisk0\DR0 - copied to quarantine
08:05:07.0527 1776 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:05:07.0527 1776 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:05:07.0543 1776 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:05:07.0543 1776 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:05:07.0558 1776 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:05:07.0589 1776 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:05:07.0589 1776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:05:07.0589 1776 \Device\Harddisk0\DR0 - ok
08:05:07.0621 1776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:05:07.0621 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:05:07.0621 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:05:11.0349 1692 Deinitialize success

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

Protection: Enabled

7/18/2012 8:06:25 AM
mbam-log-2012-07-18 (08-06-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237376
Time elapsed: 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#4
Getsugakure

    New Member

  • Members
  • 9 posts
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mike at 8:09:07 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16332.14242 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files (x86)\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 10.1.10.1 192.168.0.1
TCP: Interfaces\{DFF67BDC-67BE-4CD2-9FC3-32A1E22E330A} : DhcpNameServer = 10.1.10.1 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\g5xi2azl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B76185820-38ca-49f5-b45a-e41da4444338%7D&mid=ff47a873bf9747d097a94dfe4bb609ca-5e7f89c4b940a95ad5bfa65298698b7a74485dc2&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-15%2017%3A49%3A54&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\system32\DRIVERS\bflwfx64.sys --> C:\Windows\system32\DRIVERS\bflwfx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-5 89600]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-11-8 467456]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\system32\DRIVERS\Ak27x64.sys --> C:\Windows\system32\DRIVERS\Ak27x64.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-5 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-5 1997416]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-13 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-07-18 12:08:58 -------- d-----w- C:\Users\Mike\AppData\Local\{2D473A61-F10A-493B-BA28-1068E29D2877}
2012-07-18 12:06:18 -------- d-----w- C:\Users\Mike\AppData\Local\{AB6016D3-C0B5-4699-BFC9-4020EA337629}
2012-07-18 12:05:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 12:08:58 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2012-07-17 12:08:26 -------- d-----w- C:\RkUnhooker
2012-07-17 11:57:47 -------- d-----w- C:\Users\Mike\AppData\Local\{A1F1F9BD-F417-4D59-B7BF-3F279AFB61CD}
2012-07-17 11:57:36 -------- d-----w- C:\Users\Mike\AppData\Local\{0A132535-9755-4203-A623-216AC1A79FDD}
2012-07-17 04:17:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-17 00:44:54 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG
2012-07-17 00:32:46 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-07-17 00:32:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-17 00:32:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-17 00:32:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 20:38:24 -------- d-----w- C:\Users\Mike\AppData\Local\{67C4C9D0-3A40-42E0-BB76-C0FACD339A98}
2012-07-16 20:38:13 -------- d-----w- C:\Users\Mike\AppData\Local\{A301D35D-28A1-4354-ADB5-4328D43A36B5}
2012-07-15 21:49:57 -------- d-----w- C:\Users\Mike\AppData\Local\AVG Secure Search
2012-07-15 21:49:54 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-15 21:49:54 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-15 21:49:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-15 21:49:50 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-15 21:49:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-15 21:49:43 -------- d-----w- C:\$AVG
2012-07-15 21:43:28 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2012-07-15 19:13:13 -------- d-----w- C:\Users\Mike\AppData\Local\{2EB5DE1C-44EE-415D-8025-2B5F9B888B21}
2012-07-15 19:13:02 -------- d-----w- C:\Users\Mike\AppData\Local\{96539822-02C8-4559-A875-09D7568B31C7}
2012-07-15 03:39:43 -------- d-----w- C:\Users\Mike\AppData\Local\{038237A0-8DC0-4870-A9EB-71AC8CA1D833}
2012-07-15 03:39:33 -------- d-----w- C:\Users\Mike\AppData\Local\{E3FD9DCD-8003-4CF5-AEE8-FD50D5CE49F1}
2012-07-14 15:49:42 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9070812E-7C8F-472E-A7EB-4F24695CD157}\mpengine.dll
2012-07-14 15:39:08 -------- d-----w- C:\Users\Mike\AppData\Local\{999F1D89-1E64-4AEC-A0BA-0AB75BAA3194}
2012-07-14 15:38:58 -------- d-----w- C:\Users\Mike\AppData\Local\{FC6E4C32-8AD5-44D0-9CF1-0A8921771937}
2012-07-12 11:45:50 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 21:02:12 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 21:02:12 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-11 20:40:11 -------- d-----w- C:\Users\Mike\AppData\Local\{7CA062AB-1136-457F-AD21-EC3602D481C5}
2012-07-11 20:40:00 -------- d-----w- C:\Users\Mike\AppData\Local\{8B08E07F-FF71-4424-86E3-A84587EFDE8A}
2012-07-10 23:50:17 -------- d-----w- C:\Users\Mike\AppData\Roaming\IDT
2012-07-10 23:34:54 -------- d-----w- C:\Users\Mike\AppData\Local\{1012B80F-8B4B-4BB3-8941-6307EF586C80}
2012-07-10 23:34:43 -------- d-----w- C:\Users\Mike\AppData\Local\{31679D84-3EF8-4D39-BB91-5F22B2847FE3}
2012-07-08 21:43:31 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-07-08 21:43:03 -------- d-----w- C:\ProgramData\Battle.net
2012-07-08 21:34:20 -------- d-----w- C:\Users\Mike\AppData\Local\{220060F2-D19C-482E-B02A-F4701E9B6C71}
2012-07-08 21:34:08 -------- d-----w- C:\Users\Mike\AppData\Local\{2B0E87B8-6B4A-4B5E-BEAE-747F24AEE784}
2012-06-23 00:21:42 -------- d-----w- C:\Users\Mike\AppData\Local\{389BBC0C-266C-48ED-A282-0DA6DDBD556A}
2012-06-22 11:24:58 -------- d-----w- C:\Users\Mike\AppData\Local\{B5622D7D-5F39-45F3-ADCE-FD26A7D7AA2E}
2012-06-22 11:24:47 -------- d-----w- C:\Users\Mike\AppData\Local\{47B7DFD3-5C27-4D95-8FCC-47E92D46AF79}
2012-06-21 17:52:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 17:52:48 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 17:52:48 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 17:52:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 00:25:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 00:25:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:25:02 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 8:09:55.42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/10/2012 11:03:20 AM
System Uptime: 7/18/2012 8:08:16 AM (0 hours ago)
.
Motherboard: Alienware | | M17xR3
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz | CPU1 | 2401/1600mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 88.158 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 467.01 GiB free.
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Advanced Audio FX Engine
AlienRespawn
AlienRespawn - Support Software
Alienware M17x Manual
Alienware On-Screen Display
Apple Application Support
Apple Software Update
Assassin's Creed
Assassin's Creed II
AVG PC Tuneup
Banctec Service Agreement
Batman: Arkham Asylum
Batman: Arkham City™
Bigfoot Networks Killer Network Manager
Command Center
D3DX10
DC Universe Online Live
Diablo III
DirectX 9 Runtime
Dual-Core Optimizer
EMSC
IDT Audio
Integrated Webcam Live! Central
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 7 Update 1
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PhotoShowExpress
QuickTime
Rootkit Unhooker Uninstall
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sonic CinePlayer Decoder Pack
Star Wars: The Old Republic
Steam
The Elder Scrolls V: Skyrim
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 8:09:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
7/17/2012 8:08:58 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\rkhdrv40.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/17/2012 5:01:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
7/17/2012 4:36:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800d7faa10, 0xfffff80000b9c3d8, 0xfffffa801d7a7ab0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-23244-01.
7/16/2012 8:59:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/16/2012 8:59:26 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/16/2012 8:54:01 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

#5
Maniac

    Forum Deity

  • Experts
  • 17,088 posts
  • Gender:Male
  • Location:Bulgaria, EU
Step 1

Please re-run TDSSKiller, but this time use the Delete option for this entry:

08:05:07.0621 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:05:07.0621 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#6
Getsugakure

    New Member

  • Members
  • 9 posts
Again--thanks so much for the quick reply!

ComboFix 12-07-18.04 - Mike 07/18/2012 20:58:31.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16332.13620 [GMT -4:00]
Running from: c:\users\Mike\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 01:00 . 2012-07-19 01:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-19 01:00 . 2012-07-19 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 00:44 . 2012-07-17 00:46 -------- d-----w- c:\users\Mike\AppData\Roaming\AVG
2012-07-17 00:32 . 2012-07-17 00:32 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2012-07-17 00:32 . 2012-07-17 00:32 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 00:32 . 2012-07-17 00:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 00:32 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\users\Mike\AppData\Local\AVG Secure Search
2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-15 21:49 . 2012-07-17 12:01 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- C:\$AVG
2012-07-15 21:43 . 2003-06-13 03:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2012-07-15 21:43 . 2012-07-15 21:43 -------- d-----w- c:\programdata\Creative
2012-07-14 15:49 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9070812E-7C8F-472E-A7EB-4F24695CD157}\mpengine.dll
2012-07-12 11:45 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:02 . 2012-07-11 21:02 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 21:02 . 2012-07-11 21:02 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-10 23:50 . 2012-07-10 23:50 -------- d-----w- c:\users\Mike\AppData\Roaming\IDT
2012-07-08 21:43 . 2012-07-12 11:50 -------- d-----w- c:\program files (x86)\Diablo III
2012-07-08 21:43 . 2012-07-08 21:43 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-08 21:43 . 2012-07-08 21:43 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-08 21:43 . 2012-07-08 21:43 -------- d-----w- c:\programdata\Battle.net
2012-06-21 17:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:52 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:52 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:44 . 2012-04-05 19:28 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 00:25 . 2012-04-18 19:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:25 . 2012-03-06 00:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 00:25 . 2012-04-18 19:25 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-12 21:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 21:41 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 21:41 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 21:41 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 21:41 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 21:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 21:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 21:41 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 21:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 21:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 21:41 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 21:41 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 21:41 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 21:41 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-19_00.54.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-17 20:36 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-19 00:56 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-07-19 00:59 660318 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-19 00:48 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-19 00:59 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-19 00:48 121214 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:54 . 2012-07-19 00:56 2408448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 20:36 2408448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-19 00:56 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 20:36 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-15 21:49 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-03 1636208]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-15 1107552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2011-11-8 568832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-17 344616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-11 113120]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-17 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-07-05 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2011-11-08 69224]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-03-22 15296]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-11-08 467456]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-05 1997416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-27 378472]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-15 935008]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-07 27760]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [2011-11-08 2740328]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-12-09 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-04 337512]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 39061743
*Deregistered* - 39061743
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:25]
.
2012-07-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57]
.
2012-07-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57]
.
2012-07-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-26 315496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-13 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-13 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-13 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-04-13 13256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.1.10.1 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\g5xi2azl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B76185820-38ca-49f5-b45a-e41da4444338%7D&mid=ff47a873bf9747d097a94dfe4bb609ca-5e7f89c4b940a95ad5bfa65298698b7a74485dc2&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-15%2017%3A49%3A54&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-18 21:01:24
ComboFix-quarantined-files.txt 2012-07-19 01:01
ComboFix2.txt 2012-07-19 00:55
ComboFix3.txt 2012-07-17 01:01
.
Pre-Run: 94,081,810,432 bytes free
Post-Run: 94,027,280,384 bytes free
.
- - End Of File - - 33F6B5C9C889903C0227656A15E68FD9

#7
Maniac

    Forum Deity

  • Experts
  • 17,088 posts
  • Gender:Male
  • Location:Bulgaria, EU
Good! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#8
Getsugakure

    New Member

  • Members
  • 9 posts
Here it is! Thank you!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=324257af08ee4548b9a7eb034feb1772
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 12:06:56
# local_time=2012-07-19 08:06:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 94242343 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146054
# found=18
# cleaned=18
# scan_time=723
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
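A way to read a log like the one above programmatically, added here as an example for this thread (it is not ESET's or Malwarebytes' code): it parses the `# key=value` header and the detection lines, groups hits by family, and separates detections that sit inside another tool's quarantine folder from any on a live path. That separation is the check behind the verdict that follows in the thread: every one of the 18 hits above lives under TDSSKiller_Quarantine (the `tdlfs0000` component is the hidden file system TDSSKiller dumped), so ESET was cleaning copies that were already neutralised, not an active infection. The quarantine folder markers are assumptions about typical tool layouts, and the sample log is constructed from the shape of the real one with one made-up live-path line added to exercise that branch.

```python
"""Triage an ESET Online Scanner log: parse the header and detection lines,
then split detections inside a quarantine folder from those on a live path.
Added example for this thread, not ESET's or Malwarebytes' own code."""
import re
from collections import Counter

# Assumption: folder names used by TDSSKiller, ComboFix (Qoobox) and similar tools.
QUARANTINE_MARKERS = ("tdsskiller_quarantine", "qoobox", "quarantine")

# Trailing part of a detection line: "(action) <hash> <flag>"
TAIL_RE = re.compile(
    r"\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9a-fA-F]{16,64})(?:\s+\S+)?\s*$"
)


def family_of(threat):
    """'a variant of Win32/Olmarik.AYI trojan' -> 'Olmarik';
    'Win32/Rootkit.Kryptik.MY trojan' -> 'Rootkit.Kryptik'."""
    m = re.search(r"\S+/(\S+)", threat)
    if not m:
        return threat
    return re.sub(r"\.[A-Z]{1,3}$", "", m.group(1))


def parse_detection(line):
    """Split 'path threat (action) hash flag' even when the path contains spaces."""
    m = TAIL_RE.search(line)
    if not m:
        return None
    tokens = line[: m.start()].split()
    # The threat name is the first token with a platform/family slash;
    # Windows paths use backslashes, so the path never contains one.
    idx = next((i for i, t in enumerate(tokens) if "/" in t), None)
    if idx is None:
        return None
    start = idx - 3 if tokens[max(idx - 3, 0):idx] == ["a", "variant", "of"] else idx
    path = " ".join(tokens[:start])
    threat = " ".join(tokens[start:])
    return {
        "path": path,
        "threat": threat,
        "family": family_of(threat),
        "action": m["action"],
        "quarantined_copy": any(q in path.lower() for q in QUARANTINE_MARKERS),
    }


def parse_eset_log(text):
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition("=")
            header.setdefault(key, value)  # repeated keys (compatibility_mode) keep the first
        else:
            d = parse_detection(line)
            if d:
                detections.append(d)
    return header, detections


def summarize(text):
    header, detections = parse_eset_log(text)
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", -1))
    live = [d["path"] for d in detections if not d["quarantined_copy"]]
    return {
        "reported_found": found,
        "reported_cleaned": cleaned,
        "parsed": len(detections),
        "quarantined_copies": len(detections) - len(live),
        "live": live,  # anything here is a detection on a live path, not a quarantined copy
        "families": dict(Counter(d["family"] for d in detections)),
        # the header counts should agree with each other and with the lines we could parse
        "consistent": found == cleaned == len(detections),
    }


# Constructed sample: three lines in the shape of the log above plus one made-up
# live-path hit (with a space in the path) to exercise the non-quarantine branch.
SAMPLE_LOG = r"""
# version=7
# end=finished
# remove_checked=true
# unwanted_checked=true
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 94242343 0 0
# scanned=146054
# found=4
# cleaned=4
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Example\AppData\Local\Temp\constructed sample.exe a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the real log above, `live` comes back empty and the family counter is dominated by Olmarik, ESET's name for the TDL family, which matches the "TDSS File System" entry TDSSKiller was told to delete earlier in the thread.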

#9
Maniac

    Forum Deity

  • Experts
  • 17,088 posts
  • Gender:Male
  • Location:Bulgaria, EU
Looks good! :)

How is your PC now?

#10
Getsugakure

    New Member

  • Members
  • Pip
  • 9 posts
Sorry for the late reply--I didn't get an email for this one. Everything seemed fine after I turned the internet capability back on for my computer, but about three hours in, I got another notification from Malwarebytes saying:

"Successfully blocked access to a potentially malicious website: 173.192.183.196 | Type: outgoing | Port: 52139, Process: firefox.exe"

The IP and program changed. Don't know what to do.

#11
Maniac

    Forum Deity

  • Experts
  • 17,088 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please try it this way:
http://www.youtube.c...d&v=OukBlXfOP8Y

Hope this helps.
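The Malwarebytes block alert quoted above is worth reading as a triage signal rather than just a nuisance. As an added example for this thread (not Malwarebytes' own code or rules), the block below parses such alerts into fields and ranks them with a heuristic that is an assumption of mine: an outgoing connection from a Windows service host or another system process to a blocked address ranks above one from a browser, because a browser hit can come from a page element (ad, script, redirect) while svchost.exe has no business reaching a blocked address on its own and points to code running inside a system process. Repeated hits on the same address from the same process are counted, since that is what separates a one-off page element from something persistent. The sample alerts are constructed except for the one quoted in the post above; 203.0.113.5 is a documentation address standing in for a real one, and the ports on the constructed lines are made up.

```python
"""Parse Malwarebytes 'blocked access to a potentially malicious website'
alerts and rank them for triage. Added example for this thread; the ranking
is an assumption, not a Malwarebytes rule."""
import ipaddress
import re
from collections import Counter

ALERT_RE = re.compile(
    r"blocked access to a potentially malicious website:\s*(?P<ip>[0-9.]+)\s*\|"
    r"\s*Type:\s*(?P<direction>\w+)\s*\|\s*Port:\s*(?P<port>\d+)\s*,\s*Process:\s*(?P<process>\S+)",
    re.IGNORECASE,
)

# Windows processes that should not initiate traffic to a blocked host on their own.
SYSTEM_PROCESSES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                    "csrss.exe", "spoolsv.exe", "explorer.exe", "system"}
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe", "opera.exe", "safari.exe"}

# Explicit list instead of ipaddress.is_global, whose meaning changed across Python versions.
NON_INTERNET = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_alert(text):
    """Return the alert's fields, or None if the line is not a block alert."""
    m = ALERT_RE.search(text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None
    return {
        "ip": str(ip),
        "direction": m["direction"].lower(),
        "port": int(m["port"]),
        "process": m["process"].lower(),
        "internet_bound": not any(ip in n for n in NON_INTERNET),
    }


def priority(alert):
    """Heuristic ranking (assumption): who initiated the connection matters most."""
    if not alert["internet_bound"]:
        return "check-config"  # a LAN/loopback address in a block list is usually a local proxy or false positive
    if alert["direction"] != "outgoing":
        return "info"          # an inbound probe was dropped; nothing on the host initiated it
    if alert["process"] in SYSTEM_PROCESSES:
        return "high"          # a system process reaching out on its own: code running where it should not
    if alert["process"] in BROWSERS:
        return "medium"        # may be a page element; repeats across sites push it up
    return "review"


RANK = {"high": 0, "review": 1, "medium": 2, "check-config": 3, "info": 4}


def triage(lines):
    """Parse every line, count repeats per (process, ip), and sort by priority then repeats."""
    parsed, unparsed = [], []
    for line in lines:
        a = parse_alert(line)
        if a:
            parsed.append(a)
        else:
            unparsed.append(line)
    repeats = Counter((a["process"], a["ip"]) for a in parsed)
    for a in parsed:
        a["priority"] = priority(a)
        a["repeats"] = repeats[(a["process"], a["ip"])]
    parsed.sort(key=lambda a: (RANK[a["priority"]], -a["repeats"]))
    return parsed, unparsed


# Constructed sample: the first line is the alert quoted in the post above, the rest are made up.
SAMPLE_ALERTS = [
    "Successfully blocked access to a potentially malicious website: 173.192.183.196 | Type: outgoing | Port: 52139, Process: firefox.exe",
    # constructed: a second hit on the same address from the browser
    "Successfully blocked access to a potentially malicious website: 173.192.183.196 | Type: outgoing | Port: 52201, Process: firefox.exe",
    # constructed: a service host reaching out; 203.0.113.5 is a documentation address standing in for a real one
    "Successfully blocked access to a potentially malicious website: 203.0.113.5 | Type: outgoing | Port: 49200, Process: svchost.exe",
    # constructed: a line that is not a block alert
    "Malwarebytes: database updated",
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_ALERTS)[0]:
        print(alert["priority"], alert["process"], alert["ip"], "x%d" % alert["repeats"])
```

Run against a copy of the alerts from the Malwarebytes protection log, the output puts any svchost.exe hit first; on this machine that would be the case to chase (the earlier TDSSKiller and ESET results fit it), while repeated firefox.exe hits on one address are more often a site that keeps loading a blocked resource.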

#12
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,214 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there are 5 days without a response.




