HJT log


  • This topic is locked
73 replies to this topic

#1 tarreg01

  • Members
  • 48 posts

Posted 23 March 2012 - 07:39 AM

Hello. So I have had a problem with some sort of redirect virus for about 2 weeks now. I have been using a different board to try to solve this problem and so far, no luck. I have used all of the following: OTL, ESET, Malwarebytes and aswMBR.

So, to start, here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:38:42 AM, on 3/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=1_0&u=0F63BFA6AB623D0867FF544F6A711432
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -svchost.exe6.1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -svchost.exe6.1 (User 'Default user')
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2011/10/27 21:15:27 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16884 bytes



#2 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 24 March 2012 - 12:04 PM

Hi,

Please do the following:



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 tarreg01

  • Topic Starter

  • Members
  • 48 posts

Posted 26 March 2012 - 07:22 AM

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_03
Run by Travis at 8:18:00 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5270 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Windows\runservice.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\java.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=1_0&u=0F63BFA6AB623D0867FF544F6A711432
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
mRun: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
dRunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -svchost.exe6.1
dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF9B3D83-6A01-43F5-A0E9-0624745288FA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF9B3D83-6A01-43F5-A0E9-0624745288FA}\C696E6B6379737 : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{BF9B3D83-6A01-43F5-A0E9-0624745288FA}\E4544574541425D25374 : DhcpNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
mRun-x64: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\j1fmjcb3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1678857&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://drudgereport.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Travis\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120323.002\IDSviA64.sys [2012-3-23 488568]
R1 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-31 192512]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152152]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2011-5-1 2560]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-12 126400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-20 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-21 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SSMO3v2Filter;MMO3v2 Mouse;C:\Windows\system32\drivers\MO3v2Driver.sys --> C:\Windows\system32\drivers\MO3v2Driver.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/10/27 21:15:27;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-10-27 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-6-10 23536]
S3 RzSynapse;Razer Naga Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-24 20:23:39 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-24 20:08:50 98816 ----a-w- C:\Windows\sed.exe
2012-03-24 20:08:50 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-24 20:08:50 256000 ----a-w- C:\Windows\PEV.exe
2012-03-24 20:08:50 208896 ----a-w- C:\Windows\MBR.exe
2012-03-23 11:46:38 -------- d-----w- C:\Users\Travis\AppData\Local\{4011BE46-1FFD-4A95-9B40-4A50EDE9752F}
2012-03-23 11:46:21 -------- d-----w- C:\Users\Travis\AppData\Local\{F5B84D6C-CB4C-4C42-A2ED-E1B7BE5B618A}
2012-03-22 18:01:31 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-22 13:28:50 -------- d-----w- C:\Users\Travis\AppData\Local\{D764234A-52A5-4D8A-9FE7-6C0106870CF4}
2012-03-22 13:28:39 -------- d-----w- C:\Users\Travis\AppData\Local\{00064B10-0BC4-4A7D-8F27-CBFA0CC32F4B}
2012-03-22 13:08:02 -------- d-----w- C:\_OTL
2012-03-22 11:50:34 12464 ----a-w- C:\Windows\SysWow64\drivers\SECDRV.SYS
2012-03-22 08:23:55 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-22 00:34:11 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-22 00:26:50 388096 ----a-r- C:\Users\Travis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-22 00:26:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-22 00:24:06 -------- d-----w- C:\Users\Travis\AppData\Local\adawarebp
2012-03-22 00:23:51 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-03-22 00:23:47 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-03-22 00:23:44 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-03-22 00:23:33 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-22 00:23:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-22 00:10:48 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 00:10:48 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-22 00:09:12 -------- d-----w- C:\Users\Travis\AppData\Local\{F664D594-B61A-4582-8BED-94DFE8FC1551}
2012-03-22 00:09:01 -------- d-----w- C:\Users\Travis\AppData\Local\{897C2435-2854-4665-8EEC-BA5F85778EE0}
2012-03-21 02:58:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-21 02:58:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 02:55:43 -------- d-----w- C:\ProgramData\AMD
2012-03-21 02:55:42 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-21 02:55:38 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-21 02:43:50 -------- d-----w- C:\AMD
2012-03-21 02:39:36 -------- d-----w- C:\Users\Travis\AppData\Local\{08ED4321-30E4-45C0-9CAE-EFD9CD6DB609}
2012-03-21 02:39:18 -------- d-----w- C:\Users\Travis\AppData\Local\{259EC4B8-D076-478E-AA85-DFCDE7234CBF}
2012-03-21 02:37:19 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-21 02:37:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-21 02:37:17 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-21 02:30:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 00:58:05 -------- d-----w- C:\Users\Travis\AppData\Local\{F44BE389-1620-4FFD-9FAE-B9C27E587094}
2012-03-21 00:57:18 -------- d-----w- C:\Users\Travis\AppData\Local\{F97B1298-8BF9-4D14-AF5D-8B28BA79BB5B}
2012-03-21 00:44:26 -------- d-----w- C:\Users\Travis\AppData\Roaming\Malwarebytes
2012-03-21 00:44:23 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-21 00:44:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 00:44:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 00:11:49 -------- d-----w- C:\bcfc72ca03d941dc4215a618a1
2012-03-21 00:11:22 -------- d-----w- C:\a1bd0fb052432ed4669e
2012-03-20 12:48:00 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-03-20 12:47:26 -------- d-----w- C:\3ed8943729bfa6b0d7ce1b9872e83e
2012-03-20 12:02:29 -------- d-----w- C:\Users\Travis\AppData\Local\{42B3A74B-DBF0-4A9A-AC16-CC2F0E2F07D0}
2012-03-20 12:02:17 -------- d-----w- C:\Users\Travis\AppData\Local\{0A645C05-635F-43A8-A1AC-88819BBEFE23}
2012-03-20 11:36:34 -------- d-----w- C:\Users\Travis\AppData\Local\{8622D8E0-23A3-4F71-A610-F9ADF74B171C}
2012-03-20 11:35:59 -------- d-----w- C:\Users\Travis\AppData\Local\{CEEAAADA-5743-460D-B436-5421AC290CE0}
2012-03-19 12:11:06 53808 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-03-19 12:08:32 -------- d-----w- C:\Users\Travis\AppData\Local\{BF34A9A3-2CBF-4A4F-ADEE-EDAFC48A90E8}
2012-03-19 12:07:36 -------- d-----w- C:\Users\Travis\AppData\Local\{BBEE96BD-711A-46B1-A14D-F9DB9974C373}
2012-03-19 12:02:47 -------- d-----w- C:\Users\Travis\AppData\Local\{6FEBCE52-51D1-4943-95A5-14F8E16C7E3A}
2012-03-19 12:02:29 -------- d-----w- C:\Users\Travis\AppData\Local\{00F61D48-650A-4DBD-946C-86E94D1FD831}
2012-03-15 11:03:56 -------- d-----w- C:\Users\Travis\AppData\Local\{AACD0221-E884-4C31-89D4-E938535AEE6E}
2012-03-14 16:57:10 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 16:57:08 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 16:57:08 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 11:11:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 11:11:40 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 11:11:40 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 11:11:39 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 11:11:39 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 11:11:39 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 11:11:39 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-08 23:34:00 -------- d-----w- C:\Program Files\iPod
2012-03-08 23:33:59 -------- d-----w- C:\Program Files\iTunes
2012-03-06 12:06:52 -------- d-----w- C:\Users\Travis\AppData\Local\{65FD5153-E19C-4ACC-B6A8-1134670A1BD5}
2012-03-06 12:06:37 -------- d-----w- C:\Users\Travis\AppData\Local\{CCFE5A20-F93F-4A58-B011-FBA8B8DE5C38}
2012-02-29 12:21:05 -------- d-----w- C:\Users\Travis\AppData\Local\{1777AAFE-EE7E-49C1-9C80-A9128ABE155A}
2012-02-29 12:20:53 -------- d-----w- C:\Users\Travis\AppData\Local\{1CB9AC51-4805-469B-8B15-6E3938FB2D09}
.
==================== Find3M ====================
.
2012-03-26 12:03:26 865 --sha-w- C:\Windows\SysWow64\mmf.sys
2012-03-21 02:38:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2001-09-28 22:00:28 164864 ----a-w- C:\Program Files (x86)\UNWISE.EXE
.
============= FINISH: 8:19:09.72 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2009 2:04:29 AM
System Uptime: 3/26/2012 8:02:31 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Eureka3
Processor: Intel® Core™2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2499/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 592.393 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.189 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP344: 3/22/2012 5:38:04 AM - Scheduled Checkpoint
RP345: 3/23/2012 8:10:35 PM - Removed Heroes of Might & Magic V: Hammers of Fate
RP346: 3/23/2012 8:14:54 PM - Removed Heroes of Might and Magic V - Tribes of the East
RP347: 3/23/2012 8:15:46 PM - Removed Heroes of Might and Magic V
.
==== Installed Programs ======================
.
AAC Decoder
Activate Norton Online Backup
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Adobe Shockwave Player
Apple Application Support
Apple Software Update
ATI Catalyst Registration
AutoUpdate
Baseball Mogul 2008
Big Fish Games Client
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Capitalism II (remove only)
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chocolatier (remove only)
Compatibility Pack for the 2007 Office system
Curse Client
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Media Foundation Components
DivX Plus Web Player
DivX Version Checker
Download Manager 2.3.10
EA Download Manager
EA Download Manager UI
EA Shared Game Component: Activation
EA SPORTS online 2008
Empire: Total War
ESET Online Scanner v3
Europa Universalis III
Facebook Plug-In
FATE: The Cursed King
ffdshow [rev 2527] [2008-12-19]
H.264 Decoder
Hacker Evolution Untold
Heir to the Throne
Hewlett-Packard ACLM.NET v1.1.2.0
HiJackThis
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Easy Backup
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
Java Auto Updater
Java™ 6 Update 3
Junk Mail filter update
LabelPrint
LightScribe System Software
Linksys EasyLink Advisor
Madden NFL 08
Magic Online III
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
MKV Splitter
MotoHelper MergeModules
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetWorx 5.0.9
Norton Internet Security
NVIDIA PhysX
Oblivion Deluxe
Pando Media Booster
PictureMover
Poker Academy Pro 2
Poker Academy Prospector
Pontiac GTO Screen Saver
Power2Go
PowerDirector
PowerRecover
PunkBuster Services
Pure Networks Platform
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sid Meier's Civilization V
SimCity 4
SPORE™
Spybot - Search & Destroy
Steam
System Requirements Lab
The Lord of the Rings FREE Trial
TorchED
Torchlight
Treasure Valley
Treasure Valley Site 02
Treasure Valley Site 03
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
VoiceOver Kit
WebEx Support Manager for Internet Explorer
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
World of Warcraft Cataclysm MMO Gaming Mouse
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
3/26/2012 8:07:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/24/2012 4:29:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/24/2012 4:26:49 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
3/24/2012 4:26:41 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
3/24/2012 4:21:29 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
3/24/2012 4:19:49 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/24/2012 4:19:22 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/24/2012 4:08:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/24/2012 4:08:02 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2012 4:05:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/24/2012 4:05:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/24/2012 3:59:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/24/2012 3:58:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/24/2012 3:58:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/24/2012 3:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/24/2012 3:58:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/24/2012 3:58:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
3/24/2012 3:57:46 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
3/24/2012 3:57:43 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/24/2012 3:57:43 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/24/2012 3:57:43 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/24/2012 3:57:43 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
3/24/2012 3:57:43 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
3/24/2012 3:57:43 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
3/23/2012 7:47:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
3/23/2012 7:47:26 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/23/2012 7:46:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
3/23/2012 7:46:23 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/23/2012 7:43:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
3/23/2012 7:43:39 AM, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 5:04:52 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/22/2012 1:48:09 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.
3/22/2012 1:48:08 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/20/2012 9:00:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 pavboot spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
3/20/2012 9:00:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002caaf6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-31262-01.
3/20/2012 8:57:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/20/2012 8:57:30 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 8:29:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/20/2012 8:26:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb4f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-29889-01.
3/20/2012 8:23:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c70f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-49561-01.
3/20/2012 7:46:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000040, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca6e38). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-28875-01.
3/20/2012 7:41:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002d04b5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-99045-01.
3/20/2012 7:36:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/20/2012 7:36:41 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 7:36:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/20/2012 11:41:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
3/20/2012 10:46:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
3/20/2012 10:46:46 PM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 10:33:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
3/20/2012 10:31:50 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
3/20/2012 10:31:50 PM, Error: SRTSP [4] - Error loading virus definitions.
3/20/2012 10:04:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/20/2012 1:50:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
3/20/2012 1:50:54 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/19/2012 8:40:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
3/19/2012 8:15:11 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/19/2012 8:11:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
3/19/2012 8:03:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

#4 tarreg01

Posted 26 March 2012 - 08:38 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 08:22:34
-----------------------------
08:22:34.275 OS Version: Windows x64 6.1.7601 Service Pack 1
08:22:34.275 Number of processors: 4 586 0x1707
08:22:34.276 ComputerName: TRAVIS-PC UserName: Travis
08:22:35.785 Initialize success
08:23:27.533 AVAST engine defs: 12032601
08:24:55.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:24:55.539 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA39D Size: 953869MB BusType: 3
08:24:55.551 Disk 0 MBR read successfully
08:24:55.553 Disk 0 MBR scan
08:24:55.559 Disk 0 unknown MBR code
08:24:55.566 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:24:55.580 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941396 MB offset 206848
08:24:55.617 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12371 MB offset 1928185856
08:24:55.669 Disk 0 scanning C:\Windows\system32\drivers
08:25:07.057 Service scanning
08:25:32.629 Modules scanning
08:25:32.630 Disk 0 trace - called modules:
08:25:32.645 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
08:25:32.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a99790]
08:25:32.647 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007489e40]
08:25:32.648 5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800748e060]
08:25:34.093 AVAST engine scan C:\Windows
08:25:40.526 AVAST engine scan C:\Windows\system32
08:29:04.472 AVAST engine scan C:\Windows\system32\drivers
08:29:25.995 AVAST engine scan C:\Users\Travis
09:11:40.536 AVAST engine scan C:\ProgramData
09:29:03.850 Scan finished successfully
09:37:54.268 Disk 0 MBR has been saved successfully to "C:\Users\Travis\Desktop\MBR.dat"
09:37:54.274 The log file has been saved successfully to "C:\Users\Travis\Desktop\aswMBR.txt"

#5 tarreg01

Posted 26 March 2012 - 08:43 AM

09:39:24.0613 6008 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:39:26.0615 6008 ============================================================
09:39:26.0615 6008 Current date / time: 2012/03/26 09:39:26.0615
09:39:26.0615 6008 SystemInfo:
09:39:26.0615 6008
09:39:26.0616 6008 OS Version: 6.1.7601 ServicePack: 1.0
09:39:26.0616 6008 Product type: Workstation
09:39:26.0616 6008 ComputerName: TRAVIS-PC
09:39:26.0616 6008 UserName: Travis
09:39:26.0616 6008 Windows directory: C:\Windows
09:39:26.0616 6008 System windows directory: C:\Windows
09:39:26.0616 6008 Running under WOW64
09:39:26.0616 6008 Processor architecture: Intel x64
09:39:26.0616 6008 Number of processors: 4
09:39:26.0616 6008 Page size: 0x1000
09:39:26.0616 6008 Boot type: Normal boot
09:39:26.0616 6008 ============================================================
09:39:28.0064 6008 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:39:28.0086 6008 \Device\Harddisk0\DR0:
09:39:28.0110 6008 MBR used
09:39:28.0110 6008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:39:28.0110 6008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EAA000
09:39:28.0110 6008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72EDC800, BlocksNum 0x1829800
09:39:28.0240 6008 Initialize success
09:39:28.0240 6008 ============================================================
09:40:20.0568 6108 ============================================================
09:40:20.0568 6108 Scan started
09:40:20.0568 6108 Mode: Manual; TDLFS;
09:40:20.0568 6108 ============================================================
09:40:21.0699 6108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:40:21.0702 6108 1394ohci - ok
09:40:21.0750 6108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:40:21.0753 6108 ACPI - ok
09:40:21.0838 6108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:40:21.0839 6108 AcpiPmi - ok
09:40:21.0877 6108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:40:21.0883 6108 adp94xx - ok
09:40:21.0947 6108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:40:21.0951 6108 adpahci - ok
09:40:22.0013 6108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:40:22.0016 6108 adpu320 - ok
09:40:22.0042 6108 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:40:22.0043 6108 AeLookupSvc - ok
09:40:22.0089 6108 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:40:22.0093 6108 AFD - ok
09:40:22.0174 6108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:40:22.0176 6108 agp440 - ok
09:40:22.0199 6108 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:40:22.0216 6108 ALG - ok
09:40:22.0265 6108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:40:22.0268 6108 aliide - ok
09:40:22.0342 6108 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
09:40:22.0344 6108 AMD External Events Utility - ok
09:40:22.0366 6108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:40:22.0367 6108 amdide - ok
09:40:22.0402 6108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:40:22.0403 6108 AmdK8 - ok
09:40:22.0645 6108 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
09:40:22.0807 6108 amdkmdag - ok
09:40:22.0895 6108 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
09:40:22.0898 6108 amdkmdap - ok
09:40:22.0929 6108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:40:22.0938 6108 AmdPPM - ok
09:40:22.0976 6108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:40:22.0978 6108 amdsata - ok
09:40:23.0055 6108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:40:23.0058 6108 amdsbs - ok
09:40:23.0073 6108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:40:23.0074 6108 amdxata - ok
09:40:23.0115 6108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:40:23.0116 6108 AppID - ok
09:40:23.0145 6108 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:40:23.0164 6108 AppIDSvc - ok
09:40:23.0242 6108 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:40:23.0243 6108 Appinfo - ok
09:40:23.0341 6108 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:40:23.0343 6108 Apple Mobile Device - ok
09:40:23.0427 6108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:40:23.0429 6108 arc - ok
09:40:23.0440 6108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:40:23.0441 6108 arcsas - ok
09:40:23.0492 6108 aspnet_state - ok
09:40:23.0564 6108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:40:23.0565 6108 AsyncMac - ok
09:40:23.0598 6108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:40:23.0599 6108 atapi - ok
09:40:23.0673 6108 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
09:40:23.0689 6108 athr - ok
09:40:23.0791 6108 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
09:40:23.0793 6108 AtiHdmiService - ok
09:40:23.0978 6108 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
09:40:24.0033 6108 atikmdag - ok
09:40:24.0129 6108 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
09:40:24.0131 6108 atksgt - ok
09:40:24.0185 6108 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:40:24.0192 6108 AudioEndpointBuilder - ok
09:40:24.0203 6108 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:40:24.0207 6108 AudioSrv - ok
09:40:24.0296 6108 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:40:24.0316 6108 AxInstSV - ok
09:40:24.0375 6108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:40:24.0380 6108 b06bdrv - ok
09:40:24.0457 6108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:40:24.0460 6108 b57nd60a - ok
09:40:24.0481 6108 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:40:24.0504 6108 BDESVC - ok
09:40:24.0523 6108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:40:24.0523 6108 Beep - ok
09:40:24.0605 6108 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:40:24.0612 6108 BFE - ok
09:40:24.0750 6108 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
09:40:24.0761 6108 BHDrvx64 - ok
09:40:24.0876 6108 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:40:24.0885 6108 BITS - ok
09:40:24.0922 6108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:40:24.0923 6108 blbdrive - ok
09:40:24.0983 6108 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:40:24.0989 6108 Bonjour Service - ok
09:40:25.0072 6108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:40:25.0074 6108 bowser - ok
09:40:25.0087 6108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:40:25.0089 6108 BrFiltLo - ok
09:40:25.0102 6108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:40:25.0103 6108 BrFiltUp - ok
09:40:25.0192 6108 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:40:25.0193 6108 BridgeMP - ok
09:40:25.0228 6108 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:40:25.0230 6108 Browser - ok
09:40:25.0261 6108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:40:25.0265 6108 Brserid - ok
09:40:25.0278 6108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:40:25.0279 6108 BrSerWdm - ok
09:40:25.0349 6108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:40:25.0350 6108 BrUsbMdm - ok
09:40:25.0362 6108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:40:25.0363 6108 BrUsbSer - ok
09:40:25.0384 6108 BTCFilterService - ok
09:40:25.0413 6108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:40:25.0415 6108 BTHMODEM - ok
09:40:25.0475 6108 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:40:25.0506 6108 bthserv - ok
09:40:25.0564 6108 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
09:40:25.0566 6108 BVRPMPR5a64 - ok
09:40:25.0587 6108 catchme - ok
09:40:25.0669 6108 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
09:40:25.0676 6108 ccHP - ok
09:40:25.0748 6108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:40:25.0750 6108 cdfs - ok
09:40:25.0806 6108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:40:25.0808 6108 cdrom - ok
09:40:25.0897 6108 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:40:25.0899 6108 CertPropSvc - ok
09:40:25.0940 6108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:40:25.0941 6108 circlass - ok
09:40:25.0972 6108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:40:25.0976 6108 CLFS - ok
09:40:26.0076 6108 CLKMSVC10_C6F09094 (dede5ec7dc09d840d5d74e06ff4de127) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
09:40:26.0096 6108 CLKMSVC10_C6F09094 - ok
09:40:26.0175 6108 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:40:26.0188 6108 clr_optimization_v2.0.50727_32 - ok
09:40:26.0221 6108 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:40:26.0233 6108 clr_optimization_v2.0.50727_64 - ok
09:40:26.0342 6108 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:40:26.0345 6108 clr_optimization_v4.0.30319_32 - ok
09:40:26.0395 6108 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:40:26.0420 6108 clr_optimization_v4.0.30319_64 - ok
09:40:26.0498 6108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:40:26.0499 6108 CmBatt - ok
09:40:26.0536 6108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:40:26.0537 6108 cmdide - ok
09:40:26.0572 6108 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:40:26.0577 6108 CNG - ok
09:40:26.0605 6108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:40:26.0606 6108 Compbatt - ok
09:40:26.0698 6108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:40:26.0700 6108 CompositeBus - ok
09:40:26.0709 6108 COMSysApp - ok
09:40:26.0765 6108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:40:26.0766 6108 crcdisk - ok
09:40:26.0813 6108 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:40:26.0815 6108 CryptSvc - ok
09:40:26.0898 6108 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:40:26.0904 6108 DcomLaunch - ok
09:40:26.0938 6108 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:40:26.0960 6108 defragsvc - ok
09:40:27.0041 6108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:40:27.0043 6108 DfsC - ok
09:40:27.0098 6108 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:40:27.0102 6108 Dhcp - ok
09:40:27.0130 6108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:40:27.0131 6108 discache - ok
09:40:27.0597 6108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:40:27.0599 6108 Disk - ok
09:40:27.0635 6108 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:40:27.0637 6108 Dnscache - ok
09:40:27.0698 6108 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:40:27.0729 6108 dot3svc - ok
09:40:27.0765 6108 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:40:27.0768 6108 DPS - ok
09:40:27.0803 6108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:40:27.0804 6108 drmkaud - ok
09:40:27.0873 6108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:40:27.0884 6108 DXGKrnl - ok
09:40:27.0936 6108 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:40:27.0939 6108 EapHost - ok
09:40:28.0019 6108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:40:28.0051 6108 ebdrv - ok
09:40:28.0120 6108 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:40:28.0125 6108 eeCtrl - ok
09:40:28.0192 6108 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:40:28.0194 6108 EFS - ok
09:40:28.0255 6108 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:40:28.0274 6108 ehRecvr - ok
09:40:28.0323 6108 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:40:28.0336 6108 ehSched - ok
09:40:28.0391 6108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:40:28.0397 6108 elxstor - ok
09:40:28.0459 6108 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:40:28.0461 6108 EraserUtilRebootDrv - ok
09:40:28.0535 6108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:40:28.0536 6108 ErrDev - ok
09:40:28.0575 6108 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:40:28.0580 6108 EventSystem - ok
09:40:28.0610 6108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:40:28.0611 6108 exfat - ok
09:40:28.0632 6108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:40:28.0633 6108 fastfat - ok
09:40:28.0728 6108 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:40:28.0737 6108 Fax - ok
09:40:28.0766 6108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:40:28.0768 6108 fdc - ok
09:40:28.0790 6108 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:40:28.0791 6108 fdPHost - ok
09:40:28.0846 6108 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:40:28.0847 6108 FDResPub - ok
09:40:28.0875 6108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:40:28.0877 6108 FileInfo - ok
09:40:28.0897 6108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:40:28.0898 6108 Filetrace - ok
09:40:28.0922 6108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:40:28.0924 6108 flpydisk - ok
09:40:29.0011 6108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:40:29.0014 6108 FltMgr - ok
09:40:29.0064 6108 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:40:29.0077 6108 FontCache - ok
09:40:29.0133 6108 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:40:29.0135 6108 FontCache3.0.0.0 - ok
09:40:29.0196 6108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:40:29.0198 6108 FsDepends - ok
09:40:29.0252 6108 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
09:40:29.0253 6108 fssfltr - ok
09:40:29.0323 6108 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:40:29.0355 6108 fsssvc - ok
09:40:29.0416 6108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:40:29.0436 6108 Fs_Rec - ok
09:40:29.0489 6108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:40:29.0491 6108 fvevol - ok
09:40:29.0513 6108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:40:29.0515 6108 gagp30kx - ok
09:40:29.0570 6108 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
09:40:29.0591 6108 GameConsoleService - ok
09:40:29.0635 6108 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:40:29.0653 6108 GamesAppService - ok
09:40:29.0739 6108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:40:29.0740 6108 GEARAspiWDM - ok
09:40:29.0783 6108 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:40:29.0791 6108 gpsvc - ok
09:40:29.0812 6108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:40:29.0814 6108 hcw85cir - ok
09:40:29.0862 6108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:40:29.0863 6108 HDAudBus - ok
09:40:29.0918 6108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:40:29.0919 6108 HidBatt - ok
09:40:29.0950 6108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:40:29.0952 6108 HidBth - ok
09:40:29.0983 6108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:40:29.0984 6108 HidIr - ok
09:40:30.0004 6108 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:40:30.0006 6108 hidserv - ok
09:40:30.0100 6108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
09:40:30.0101 6108 HidUsb - ok
09:40:30.0134 6108 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:40:30.0136 6108 hkmsvc - ok
09:40:30.0173 6108 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:40:30.0176 6108 HomeGroupListener - ok
09:40:30.0211 6108 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:40:30.0214 6108 HomeGroupProvider - ok
09:40:30.0290 6108 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:40:30.0292 6108 HP Support Assistant Service - ok
09:40:30.0315 6108 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
09:40:30.0322 6108 HPBtnSrv - ok
09:40:30.0385 6108 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:40:30.0397 6108 HPDrvMntSvc.exe - ok
09:40:30.0455 6108 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
09:40:30.0481 6108 hpqwmiex - ok
09:40:30.0565 6108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:40:30.0567 6108 HpSAMD - ok
09:40:30.0639 6108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:40:30.0646 6108 HTTP - ok
09:40:30.0679 6108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:40:30.0680 6108 hwpolicy - ok
09:40:30.0764 6108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:40:30.0767 6108 i8042prt - ok
09:40:30.0819 6108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:40:30.0824 6108 iaStorV - ok
09:40:30.0909 6108 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:40:30.0947 6108 IDriverT - ok
09:40:31.0038 6108 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:40:31.0048 6108 idsvc - ok
09:40:31.0167 6108 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120323.002\IDSvia64.sys
09:40:31.0171 6108 IDSVia64 - ok
09:40:31.0249 6108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:40:31.0250 6108 iirsp - ok
09:40:31.0293 6108 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:40:31.0302 6108 IKEEXT - ok
09:40:31.0394 6108 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
09:40:31.0418 6108 IntcAzAudAddService - ok
09:40:31.0491 6108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:40:31.0492 6108 intelide - ok
09:40:31.0534 6108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:40:31.0535 6108 intelppm - ok
09:40:31.0558 6108 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:40:31.0590 6108 IPBusEnum - ok
09:40:31.0670 6108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:40:31.0671 6108 IpFilterDriver - ok
09:40:31.0689 6108 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:40:31.0695 6108 iphlpsvc - ok
09:40:31.0739 6108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:40:31.0741 6108 IPMIDRV - ok
09:40:31.0772 6108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:40:31.0774 6108 IPNAT - ok
09:40:31.0841 6108 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
09:40:31.0850 6108 iPod Service - ok
09:40:31.0926 6108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:40:31.0927 6108 IRENUM - ok
09:40:31.0960 6108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:40:31.0961 6108 isapnp - ok
09:40:31.0995 6108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:40:31.0999 6108 iScsiPrt - ok
09:40:32.0059 6108 iWinTrusted (fe1a970e7ce330bb844e333c374c6599) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
09:40:32.0095 6108 iWinTrusted - ok
09:40:32.0179 6108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:40:32.0180 6108 kbdclass - ok
09:40:32.0219 6108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:40:32.0220 6108 kbdhid - ok
09:40:32.0242 6108 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:40:32.0244 6108 KeyIso - ok
09:40:32.0260 6108 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:40:32.0264 6108 KSecDD - ok
09:40:32.0333 6108 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:40:32.0335 6108 KSecPkg - ok
09:40:32.0366 6108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:40:32.0367 6108 ksthunk - ok
09:40:32.0400 6108 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:40:32.0427 6108 KtmRm - ok
09:40:32.0512 6108 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:40:32.0516 6108 LanmanServer - ok
09:40:32.0558 6108 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:40:32.0562 6108 LanmanWorkstation - ok
09:40:32.0727 6108 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
09:40:32.0796 6108 Lavasoft Ad-Aware Service - ok
09:40:32.0891 6108 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
09:40:32.0893 6108 Lbd - ok
09:40:32.0951 6108 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\Windows\runservice.exe
09:40:32.0952 6108 LicCtrlService - ok
09:40:32.0998 6108 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:40:33.0005 6108 LightScribeService - ok
09:40:33.0046 6108 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
09:40:33.0049 6108 LinksysUpdater - ok
09:40:33.0134 6108 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
09:40:33.0135 6108 lirsgt - ok
09:40:33.0169 6108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:40:33.0170 6108 lltdio - ok
09:40:33.0202 6108 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:40:33.0225 6108 lltdsvc - ok
09:40:33.0281 6108 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:40:33.0282 6108 lmhosts - ok
09:40:33.0324 6108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:40:33.0326 6108 LSI_FC - ok
09:40:33.0345 6108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:40:33.0347 6108 LSI_SAS - ok
09:40:33.0369 6108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:40:33.0371 6108 LSI_SAS2 - ok
09:40:33.0424 6108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:40:33.0426 6108 LSI_SCSI - ok
09:40:33.0466 6108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:40:33.0468 6108 luafv - ok
09:40:33.0560 6108 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
09:40:33.0579 6108 McComponentHostService - ok
09:40:33.0660 6108 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:40:33.0679 6108 Mcx2Svc - ok
09:40:33.0707 6108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:40:33.0708 6108 megasas - ok
09:40:33.0730 6108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:40:33.0733 6108 MegaSR - ok
09:40:33.0796 6108 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:40:33.0798 6108 MMCSS - ok
09:40:33.0821 6108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:40:33.0822 6108 Modem - ok
09:40:33.0852 6108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:40:33.0853 6108 monitor - ok
09:40:33.0907 6108 motandroidusb - ok
09:40:33.0927 6108 motccgp - ok
09:40:33.0937 6108 motccgpfl - ok
09:40:33.0948 6108 motmodem - ok
09:40:33.0957 6108 MotoSwitchService - ok
09:40:33.0966 6108 Motousbnet - ok
09:40:33.0975 6108 motusbdevice - ok
09:40:34.0015 6108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:40:34.0016 6108 mouclass - ok
09:40:34.0051 6108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:40:34.0052 6108 mouhid - ok
09:40:34.0128 6108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:40:34.0129 6108 mountmgr - ok
09:40:34.0168 6108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:40:34.0170 6108 mpio - ok
09:40:34.0201 6108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:40:34.0202 6108 mpsdrv - ok
09:40:34.0245 6108 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:40:34.0254 6108 MpsSvc - ok
09:40:34.0325 6108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:40:34.0327 6108 MRxDAV - ok
09:40:34.0368 6108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:40:34.0371 6108 mrxsmb - ok
09:40:34.0409 6108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:40:34.0413 6108 mrxsmb10 - ok
09:40:34.0426 6108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:40:34.0429 6108 mrxsmb20 - ok
09:40:34.0499 6108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:40:34.0500 6108 msahci - ok
09:40:34.0535 6108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:40:34.0538 6108 msdsm - ok
09:40:34.0561 6108 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:40:34.0575 6108 MSDTC - ok
09:40:34.0656 6108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:40:34.0657 6108 Msfs - ok
09:40:34.0668 6108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:40:34.0669 6108 mshidkmdf - ok
09:40:34.0705 6108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:40:34.0707 6108 msisadrv - ok
09:40:34.0737 6108 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:40:34.0761 6108 MSiSCSI - ok
09:40:34.0815 6108 msiserver - ok
09:40:34.0851 6108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:40:34.0852 6108 MSKSSRV - ok
09:40:34.0876 6108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:40:34.0877 6108 MSPCLOCK - ok
09:40:34.0895 6108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:40:34.0897 6108 MSPQM - ok
09:40:34.0934 6108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:40:34.0936 6108 MsRPC - ok
09:40:35.0020 6108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:40:35.0021 6108 mssmbios - ok
09:40:35.0046 6108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:40:35.0047 6108 MSTEE - ok
09:40:35.0065 6108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:40:35.0067 6108 MTConfig - ok
09:40:35.0143 6108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:40:35.0145 6108 Mup - ok
09:40:35.0185 6108 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:40:35.0191 6108 napagent - ok
09:40:35.0264 6108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:40:35.0268 6108 NativeWifiP - ok
09:40:35.0365 6108 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120325.018\ENG64.SYS
09:40:35.0366 6108 NAVENG - ok
09:40:35.0430 6108 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120325.018\EX64.SYS
09:40:35.0442 6108 NAVEX15 - ok
09:40:35.0550 6108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:40:35.0561 6108 NDIS - ok
09:40:35.0607 6108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:40:35.0609 6108 NdisCap - ok
09:40:35.0659 6108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:40:35.0661 6108 NdisTapi - ok
09:40:35.0698 6108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:40:35.0699 6108 Ndisuio - ok
09:40:35.0738 6108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:40:35.0741 6108 NdisWan - ok
09:40:35.0789 6108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:40:35.0790 6108 NDProxy - ok
09:40:35.0859 6108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:40:35.0861 6108 NetBIOS - ok
09:40:35.0905 6108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:40:35.0908 6108 NetBT - ok
09:40:35.0941 6108 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:40:35.0943 6108 Netlogon - ok
09:40:36.0016 6108 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:40:36.0022 6108 Netman - ok
09:40:36.0050 6108 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:40:36.0058 6108 netprofm - ok
09:40:36.0096 6108 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:40:36.0108 6108 NetTcpPortSharing - ok
09:40:36.0178 6108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:40:36.0180 6108 nfrd960 - ok
09:40:36.0252 6108 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
09:40:36.0255 6108 NIS - ok
09:40:36.0331 6108 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:40:36.0337 6108 NlaSvc - ok
09:40:36.0398 6108 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
09:40:36.0407 6108 nmservice - ok
09:40:36.0434 6108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:40:36.0435 6108 Npfs - ok
09:40:36.0504 6108 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:40:36.0506 6108 nsi - ok
09:40:36.0536 6108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:40:36.0537 6108 nsiproxy - ok
09:40:36.0598 6108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:40:36.0608 6108 Ntfs - ok
09:40:36.0666 6108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:40:36.0667 6108 Null - ok
09:40:36.0714 6108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:40:36.0716 6108 nvraid - ok
09:40:36.0748 6108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:40:36.0751 6108 nvstor - ok
09:40:36.0774 6108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:40:36.0776 6108 nv_agp - ok
09:40:36.0846 6108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:40:36.0848 6108 ohci1394 - ok
09:40:36.0886 6108 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:40:36.0890 6108 p2pimsvc - ok
09:40:36.0915 6108 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:40:36.0922 6108 p2psvc - ok
09:40:36.0970 6108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:40:36.0971 6108 Parport - ok
09:40:37.0014 6108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:40:37.0016 6108 partmgr - ok
09:40:37.0052 6108 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:40:37.0056 6108 PcaSvc - ok
09:40:37.0127 6108 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
09:40:37.0220 6108 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
09:40:37.0305 6108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:40:37.0307 6108 pci - ok
09:40:37.0322 6108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:40:37.0323 6108 pciide - ok
09:40:37.0355 6108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:40:37.0359 6108 pcmcia - ok
09:40:37.0381 6108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:40:37.0383 6108 pcw - ok
09:40:37.0446 6108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:40:37.0453 6108 PEAUTH - ok
09:40:37.0490 6108 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:40:37.0511 6108 PerfHost - ok
09:40:37.0628 6108 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:40:37.0646 6108 pla - ok
09:40:37.0698 6108 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:40:37.0705 6108 PlugPlay - ok
09:40:37.0794 6108 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
09:40:37.0795 6108 pnarp - ok
09:40:37.0807 6108 PnkBstrA - ok
09:40:37.0850 6108 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:40:37.0872 6108 PNRPAutoReg - ok
09:40:37.0894 6108 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:40:37.0897 6108 PNRPsvc - ok
09:40:37.0986 6108 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:40:37.0993 6108 PolicyAgent - ok
09:40:38.0021 6108 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:40:38.0026 6108 Power - ok
09:40:38.0082 6108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:40:38.0085 6108 PptpMiniport - ok
09:40:38.0145 6108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:40:38.0146 6108 Processor - ok
09:40:38.0178 6108 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:40:38.0183 6108 ProfSvc - ok
09:40:38.0208 6108 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:40:38.0210 6108 ProtectedStorage - ok
09:40:38.0254 6108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:40:38.0256 6108 Psched - ok
09:40:38.0342 6108 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
09:40:38.0343 6108 PSSDK42 - ok
09:40:38.0381 6108 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
09:40:38.0382 6108 purendis - ok
09:40:38.0438 6108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:40:38.0455 6108 ql2300 - ok
09:40:38.0520 6108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:40:38.0523 6108 ql40xx - ok
09:40:38.0557 6108 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:40:38.0582 6108 QWAVE - ok
09:40:38.0616 6108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:40:38.0618 6108 QWAVEdrv - ok
09:40:38.0671 6108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:40:38.0672 6108 RasAcd - ok
09:40:38.0701 6108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:40:38.0702 6108 RasAgileVpn - ok
09:40:38.0728 6108 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:40:38.0746 6108 RasAuto - ok
09:40:38.0829 6108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:40:38.0832 6108 Rasl2tp - ok
09:40:38.0868 6108 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:40:38.0874 6108 RasMan - ok
09:40:38.0897 6108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:40:38.0900 6108 RasPppoe - ok
09:40:38.0956 6108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:40:38.0958 6108 RasSstp - ok
09:40:38.0995 6108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:40:39.0000 6108 rdbss - ok
09:40:39.0032 6108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:40:39.0033 6108 rdpbus - ok
09:40:39.0054 6108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:40:39.0055 6108 RDPCDD - ok
09:40:39.0118 6108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:40:39.0119 6108 RDPENCDD - ok
09:40:39.0131 6108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:40:39.0132 6108 RDPREFMP - ok
09:40:39.0161 6108 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:40:39.0162 6108 RDPWD - ok
09:40:39.0200 6108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:40:39.0203 6108 rdyboost - ok
09:40:39.0225 6108 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:40:39.0240 6108 RemoteAccess - ok
09:40:39.0307 6108 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:40:39.0318 6108 RemoteRegistry - ok
09:40:39.0334 6108 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:40:39.0337 6108 RpcEptMapper - ok
09:40:39.0361 6108 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:40:39.0363 6108 RpcLocator - ok
09:40:39.0404 6108 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
09:40:39.0409 6108 RpcSs - ok
09:40:39.0494 6108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:40:39.0496 6108 rspndr - ok
09:40:39.0537 6108 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:40:39.0540 6108 RTL8167 - ok
09:40:39.0602 6108 RzSynapse (d2ceff3befe9c468717b6bb7fa4a5e44) C:\Windows\system32\DRIVERS\RzSynapse.sys
09:40:39.0604 6108 RzSynapse - ok
09:40:39.0649 6108 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:40:39.0650 6108 SamSs - ok
09:40:39.0712 6108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:40:39.0715 6108 sbp2port - ok
09:40:39.0818 6108 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:40:39.0836 6108 SBSDWSCService - ok
09:40:39.0897 6108 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:40:39.0943 6108 SCardSvr - ok
09:40:39.0996 6108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:40:39.0997 6108 scfilter - ok
09:40:40.0087 6108 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:40:40.0100 6108 Schedule - ok
09:40:40.0137 6108 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:40:40.0138 6108 SCPolicySvc - ok
09:40:40.0164 6108 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:40:40.0192 6108 SDRSVC - ok
09:40:40.0280 6108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:40:40.0282 6108 secdrv - ok
09:40:40.0319 6108 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:40:40.0321 6108 seclogon - ok
09:40:40.0355 6108 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:40:40.0358 6108 SENS - ok
09:40:40.0404 6108 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:40:40.0441 6108 SensrSvc - ok
09:40:40.0478 6108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:40:40.0479 6108 Serenum - ok
09:40:40.0548 6108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:40:40.0550 6108 Serial - ok
09:40:40.0581 6108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:40:40.0583 6108 sermouse - ok
09:40:40.0632 6108 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:40:40.0660 6108 SessionEnv - ok
09:40:40.0697 6108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:40:40.0699 6108 sffdisk - ok
09:40:40.0707 6108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:40:40.0708 6108 sffp_mmc - ok
09:40:40.0717 6108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:40:40.0718 6108 sffp_sd - ok
09:40:40.0736 6108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:40:40.0737 6108 sfloppy - ok
09:40:40.0834 6108 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:40:40.0865 6108 SharedAccess - ok
09:40:40.0970 6108 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:40:40.0996 6108 ShellHWDetection - ok
09:40:41.0046 6108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:40:41.0048 6108 SiSRaid2 - ok
09:40:41.0146 6108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:40:41.0148 6108 SiSRaid4 - ok
09:40:41.0228 6108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:40:41.0242 6108 Smb - ok
09:40:41.0287 6108 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:40:41.0306 6108 SNMPTRAP - ok
09:40:41.0416 6108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:40:41.0416 6108 spldr - ok
09:40:41.0499 6108 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:40:41.0508 6108 Spooler - ok
09:40:41.0865 6108 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:40:41.0924 6108 sppsvc - ok
09:40:42.0034 6108 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:40:42.0060 6108 sppuinotify - ok
09:40:42.0121 6108 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
09:40:42.0127 6108 SRTSP - ok
09:40:42.0315 6108 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
09:40:42.0316 6108 SRTSPX - ok
09:40:42.0424 6108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:40:42.0435 6108 srv - ok
09:40:42.0661 6108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:40:42.0666 6108 srv2 - ok
09:40:42.0705 6108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:40:42.0707 6108 srvnet - ok
09:40:42.0791 6108 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:40:42.0794 6108 SSDPSRV - ok
09:40:42.0864 6108 SSMO3v2Filter (d1e083d50f354a1840c9df1c62437bc9) C:\Windows\system32\drivers\MO3v2Driver.sys
09:40:42.0866 6108 SSMO3v2Filter - ok
09:40:42.0937 6108 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:40:42.0947 6108 SstpSvc - ok
09:40:43.0037 6108 Steam Client Service - ok
09:40:43.0182 6108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:40:43.0183 6108 stexstor - ok
09:40:43.0296 6108 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:40:43.0306 6108 stisvc - ok
09:40:43.0606 6108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:40:43.0617 6108 swenum - ok
09:40:43.0663 6108 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:40:43.0671 6108 swprv - ok
09:40:43.0862 6108 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
09:40:43.0867 6108 SymDS - ok
09:40:43.0936 6108 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
09:40:43.0939 6108 SymEFA - ok
09:40:44.0169 6108 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:40:44.0184 6108 SymEvent - ok
09:40:44.0227 6108 SYMFW - ok
09:40:44.0295 6108 SymIM (f7f3deb5fdd6cea69a8d1544f7becaf1) C:\Windows\system32\DRIVERS\SymIMv.sys
09:40:44.0297 6108 SymIM - ok
09:40:44.0342 6108 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
09:40:44.0344 6108 SymIRON - ok
09:40:44.0377 6108 SYMNDISV - ok
09:40:44.0770 6108 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
09:40:44.0795 6108 SYMTDIv - ok
09:40:45.0129 6108 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:40:45.0150 6108 SysMain - ok
09:40:45.0283 6108 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:40:45.0313 6108 TabletInputService - ok
09:40:45.0370 6108 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:40:45.0376 6108 TapiSrv - ok
09:40:45.0457 6108 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:40:45.0460 6108 TBS - ok
09:40:45.0570 6108 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:40:45.0608 6108 Tcpip - ok
09:40:45.0676 6108 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:40:45.0686 6108 TCPIP6 - ok
09:40:45.0719 6108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:40:45.0738 6108 tcpipreg - ok
09:40:45.0789 6108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:40:45.0808 6108 TDPIPE - ok
09:40:45.0861 6108 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:40:45.0862 6108 TDTCP - ok
09:40:45.0995 6108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:40:46.0010 6108 tdx - ok
09:40:46.0176 6108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:40:46.0192 6108 TermDD - ok
09:40:46.0241 6108 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:40:46.0269 6108 TermService - ok
09:40:46.0332 6108 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:40:46.0335 6108 Themes - ok
09:40:46.0360 6108 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:40:46.0379 6108 THREADORDER - ok
09:40:46.0413 6108 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:40:46.0416 6108 TrkWks - ok
09:40:46.0514 6108 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:40:46.0516 6108 TrustedInstaller - ok
09:40:46.0606 6108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:40:46.0608 6108 tssecsrv - ok
09:40:46.0658 6108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:40:46.0660 6108 TsUsbFlt - ok
09:40:46.0701 6108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:40:46.0718 6108 tunnel - ok
09:40:46.0797 6108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:40:46.0798 6108 uagp35 - ok
09:40:46.0848 6108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:40:46.0852 6108 udfs - ok
09:40:52.0836 6108 MBR (0x1B8) (97c4241adcb2e49b23d35d9ba3da370c) \Device\Harddisk0\DR0
09:40:53.0974 6108 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:40:53.0974 6108 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:40:53.0983 6108 Boot (0x1200) (d6f7a9b5b9efc3a60f637bd61806edc8) \Device\Harddisk0\DR0\Partition0
09:40:53.0984 6108 \Device\Harddisk0\DR0\Partition0 - ok
09:40:53.0999 6108 Boot (0x1200) (d53efde084897c5098f255ab1f9c1455) \Device\Harddisk0\DR0\Partition1
09:40:54.0002 6108 \Device\Harddisk0\DR0\Partition1 - ok
09:40:54.0036 6108 Boot (0x1200) (e20307073b79529e116cd240b7831ffb) \Device\Harddisk0\DR0\Partition2
09:40:54.0083 6108 \Device\Harddisk0\DR0\Partition2 - ok
09:40:54.0097 6108 ============================================================
09:40:54.0098 6108 Scan finished
09:40:54.0098 6108 ============================================================
09:40:54.0121 3888 Detected object count: 1
09:40:54.0121 3888 Actual detected object count: 1
09:41:09.0584 3888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:41:09.0584 3888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:41:33.0502 2668 Deinitialize success

#6 tarreg01

Posted 26 March 2012 - 08:44 AM

Thank you for the help. I should mention, since I failed to do so in my initial post, in addition to whatever else may be affecting me, I believe I have a Google redirect virus... Happilli? Thanks again.

#7 CatByte

Posted 26 March 2012 - 08:52 AM

Hi

Please go ahead and re-run TDSSKiller.
When the window opens, click on Change Parameters.
Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
Click OK.
Press Start Scan.

Now when it finds that entry again

09:41:09.0584 3888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:41:09.0584 3888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

choose DELETE.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 tarreg01

Posted 26 March 2012 - 11:44 AM

What is the name of the log? After I ran the scan, it auto-rebooted. When it rebooted, I started getting a bunch of errors that wouldn't allow me to copy and paste the log onto anything...

#9 tarreg01

Posted 26 March 2012 - 11:53 AM

ComboFix 12-03-26.02 - Travis 03/26/2012 12:10:56.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.7370 [GMT -4:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-11 1242448]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-03-10 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"NetWorx"="c:\program files (x86)\NetWorx\networx.exe" [2010-01-25 2892288]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2010-12-23 1987072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-02-28 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/10/27 21:15;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-06-10 23536]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-06 488568]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-22 2152152]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-05-01 2560]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-07 138360]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-22 17152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-03-20 00:24]
.
2012-03-21 c:\windows\Tasks\HPCeeScheduleForTravis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=1_0&u=0F63BFA6AB623D0867FF544F6A711432
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\j1fmjcb3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1678857&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://drudgereport.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:67,6f,53,46,28,97,d2,3a,39,67,f6,99,47,b8,25,b0,04,5c,26,87,a1,5c,2f,
9f,4c,2e,b6,b2,40,a4,5b,a3,c8,a0,89,fd,bc,86,e1,50,12,84,fb,98,79,49,ec,af,\
"??"=hex:4a,72,cc,36,c2,36,47,bb,97,c7,9d,de,ff,5a,c2,15
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\SecuROM\License information*]
"datasecu"=hex:9f,b5,bf,8d,d0,ef,76,b8,e8,b1,40,7c,bf,eb,97,6a,19,a8,40,b5,9d,
5f,60,51,d3,de,9b,5c,34,02,54,24,3f,ef,1f,70,c6,28,f0,bb,24,31,5b,ef,02,b0,\
"rkeysecu"=hex:9d,64,f9,67,ca,0c,b3,6e,5d,9c,65,6b,69,ab,e1,3c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\C86C7C0BEFF8CAE2B445F63B38B4A204]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\java.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-26 12:30:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 16:30
ComboFix2.txt 2012-03-24 20:31
.
Pre-Run: 635,863,666,688 bytes free
Post-Run: 635,909,193,728 bytes free
.
- - End Of File - - B7E115BFE3643189DE380B3F695308C2

#10 CatByte

  • Malware Response Team

Posted 26 March 2012 - 02:39 PM

Did you run the TDSSKiller program again and delete what it found? There should be a log on your C:\ drive.

The first ComboFix log should be at C:\Qoobox\combofix2.txt


Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 tarreg01

  • Topic Starter

  • Members

Posted 27 March 2012 - 06:51 AM

Here is the TDSSKiller log from yesterday:
11:59:54.0602 2696 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:59:54.0900 2696 ============================================================
11:59:54.0900 2696 Current date / time: 2012/03/26 11:59:54.0900
11:59:54.0900 2696 SystemInfo:
11:59:54.0900 2696
11:59:54.0900 2696 OS Version: 6.1.7601 ServicePack: 1.0
11:59:54.0900 2696 Product type: Workstation
11:59:54.0901 2696 ComputerName: TRAVIS-PC
11:59:54.0901 2696 UserName: Travis
11:59:54.0901 2696 Windows directory: C:\Windows
11:59:54.0901 2696 System windows directory: C:\Windows
11:59:54.0901 2696 Running under WOW64
11:59:54.0901 2696 Processor architecture: Intel x64
11:59:54.0901 2696 Number of processors: 4
11:59:54.0901 2696 Page size: 0x1000
11:59:54.0901 2696 Boot type: Normal boot
11:59:54.0901 2696 ============================================================
11:59:55.0939 2696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:59:55.0997 2696 \Device\Harddisk0\DR0:
11:59:56.0011 2696 MBR used
11:59:56.0011 2696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:59:56.0011 2696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EAA000
11:59:56.0011 2696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72EDC800, BlocksNum 0x1829800
11:59:56.0123 2696 Initialize success
11:59:56.0123 2696 ============================================================
12:00:21.0162 2960 ============================================================
12:00:21.0162 2960 Scan started
12:00:21.0162 2960 Mode: Manual; TDLFS;
12:00:21.0162 2960 ============================================================
12:00:22.0029 2960 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:00:22.0031 2960 1394ohci - ok
12:00:22.0079 2960 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:00:22.0081 2960 ACPI - ok
12:00:22.0109 2960 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:00:22.0110 2960 AcpiPmi - ok
12:00:22.0199 2960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:00:22.0201 2960 adp94xx - ok
12:00:22.0226 2960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:00:22.0228 2960 adpahci - ok
12:00:22.0251 2960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:00:22.0253 2960 adpu320 - ok
12:00:22.0279 2960 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:00:22.0280 2960 AeLookupSvc - ok
12:00:22.0368 2960 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:00:22.0371 2960 AFD - ok
12:00:22.0404 2960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:00:22.0405 2960 agp440 - ok
12:00:22.0428 2960 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:00:22.0429 2960 ALG - ok
12:00:22.0520 2960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:00:22.0520 2960 aliide - ok
12:00:22.0554 2960 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
12:00:22.0556 2960 AMD External Events Utility - ok
12:00:22.0571 2960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:00:22.0571 2960 amdide - ok
12:00:22.0648 2960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:00:22.0649 2960 AmdK8 - ok
12:00:22.0839 2960 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
12:00:22.0891 2960 amdkmdag - ok
12:00:22.0966 2960 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
12:00:22.0968 2960 amdkmdap - ok
12:00:22.0992 2960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:00:22.0993 2960 AmdPPM - ok
12:00:23.0038 2960 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:00:23.0039 2960 amdsata - ok
12:00:23.0069 2960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:00:23.0070 2960 amdsbs - ok
12:00:23.0128 2960 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:00:23.0128 2960 amdxata - ok
12:00:23.0169 2960 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:00:23.0170 2960 AppID - ok
12:00:23.0200 2960 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:00:23.0200 2960 AppIDSvc - ok
12:00:23.0238 2960 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:00:23.0239 2960 Appinfo - ok
12:00:23.0337 2960 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:00:23.0338 2960 Apple Mobile Device - ok
12:00:23.0423 2960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:00:23.0424 2960 arc - ok
12:00:23.0444 2960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:00:23.0445 2960 arcsas - ok
12:00:23.0496 2960 aspnet_state - ok
12:00:23.0568 2960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:00:23.0569 2960 AsyncMac - ok
12:00:23.0603 2960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:00:23.0603 2960 atapi - ok
12:00:23.0676 2960 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
12:00:23.0686 2960 athr - ok
12:00:23.0771 2960 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
12:00:23.0772 2960 AtiHdmiService - ok
12:00:23.0956 2960 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
12:00:24.0011 2960 atikmdag - ok
12:00:24.0109 2960 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
12:00:24.0110 2960 atksgt - ok
12:00:24.0165 2960 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:00:24.0168 2960 AudioEndpointBuilder - ok
12:00:24.0178 2960 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:00:24.0182 2960 AudioSrv - ok
12:00:24.0267 2960 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:00:24.0268 2960 AxInstSV - ok
12:00:24.0305 2960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:00:24.0308 2960 b06bdrv - ok
12:00:24.0345 2960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:00:24.0347 2960 b57nd60a - ok
12:00:24.0411 2960 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:00:24.0412 2960 BDESVC - ok
12:00:24.0427 2960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:00:24.0428 2960 Beep - ok
12:00:24.0476 2960 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:00:24.0480 2960 BFE - ok
12:00:24.0629 2960 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
12:00:24.0636 2960 BHDrvx64 - ok
12:00:24.0713 2960 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:00:24.0719 2960 BITS - ok
12:00:24.0760 2960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:00:24.0760 2960 blbdrive - ok
12:00:24.0822 2960 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:00:24.0825 2960 Bonjour Service - ok
12:00:24.0910 2960 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:00:24.0911 2960 bowser - ok
12:00:24.0925 2960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:00:24.0926 2960 BrFiltLo - ok
12:00:24.0940 2960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:00:24.0940 2960 BrFiltUp - ok
12:00:24.0989 2960 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:00:24.0989 2960 BridgeMP - ok
12:00:25.0066 2960 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:00:25.0067 2960 Browser - ok
12:00:25.0106 2960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:00:25.0108 2960 Brserid - ok
12:00:25.0124 2960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:00:25.0125 2960 BrSerWdm - ok
12:00:25.0154 2960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:00:25.0154 2960 BrUsbMdm - ok
12:00:25.0208 2960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:00:25.0209 2960 BrUsbSer - ok
12:00:25.0240 2960 BTCFilterService - ok
12:00:25.0268 2960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:00:25.0270 2960 BTHMODEM - ok
12:00:25.0296 2960 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:00:25.0297 2960 bthserv - ok
12:00:25.0394 2960 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
12:00:25.0395 2960 BVRPMPR5a64 - ok
12:00:25.0417 2960 catchme - ok
12:00:25.0454 2960 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
12:00:25.0458 2960 ccHP - ok
12:00:25.0527 2960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:00:25.0528 2960 cdfs - ok
12:00:25.0569 2960 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:00:25.0570 2960 cdrom - ok
12:00:25.0619 2960 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:00:25.0621 2960 CertPropSvc - ok
12:00:25.0703 2960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:00:25.0703 2960 circlass - ok
12:00:25.0727 2960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:00:25.0729 2960 CLFS - ok
12:00:25.0823 2960 CLKMSVC10_C6F09094 (dede5ec7dc09d840d5d74e06ff4de127) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
12:00:25.0824 2960 CLKMSVC10_C6F09094 - ok
12:00:25.0896 2960 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:00:25.0897 2960 clr_optimization_v2.0.50727_32 - ok
12:00:25.0926 2960 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:00:25.0927 2960 clr_optimization_v2.0.50727_64 - ok
12:00:26.0038 2960 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:00:26.0040 2960 clr_optimization_v4.0.30319_32 - ok
12:00:26.0091 2960 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:00:26.0093 2960 clr_optimization_v4.0.30319_64 - ok
12:00:26.0161 2960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:00:26.0162 2960 CmBatt - ok
12:00:26.0199 2960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:00:26.0200 2960 cmdide - ok
12:00:26.0226 2960 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:00:26.0232 2960 CNG - ok
12:00:26.0252 2960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:00:26.0253 2960 Compbatt - ok
12:00:26.0337 2960 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:00:26.0338 2960 CompositeBus - ok
12:00:26.0347 2960 COMSysApp - ok
12:00:26.0370 2960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:00:26.0371 2960 crcdisk - ok
12:00:26.0417 2960 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:00:26.0420 2960 CryptSvc - ok
12:00:26.0460 2960 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:00:26.0464 2960 DcomLaunch - ok
12:00:26.0534 2960 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:00:26.0538 2960 defragsvc - ok
12:00:26.0579 2960 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:00:26.0581 2960 DfsC - ok
12:00:26.0620 2960 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:00:26.0624 2960 Dhcp - ok
12:00:26.0685 2960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:00:26.0686 2960 discache - ok
12:00:26.0735 2960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:00:26.0737 2960 Disk - ok
12:00:26.0773 2960 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:00:26.0776 2960 Dnscache - ok
12:00:26.0861 2960 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:00:26.0863 2960 dot3svc - ok
12:00:26.0878 2960 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:00:26.0880 2960 DPS - ok
12:00:26.0924 2960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:00:26.0925 2960 drmkaud - ok
12:00:27.0020 2960 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:00:27.0029 2960 DXGKrnl - ok
12:00:27.0066 2960 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:00:27.0068 2960 EapHost - ok
12:00:27.0148 2960 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:00:27.0180 2960 ebdrv - ok
12:00:27.0241 2960 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:00:27.0246 2960 eeCtrl - ok
12:00:27.0313 2960 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:00:27.0315 2960 EFS - ok
12:00:27.0377 2960 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:00:27.0384 2960 ehRecvr - ok
12:00:27.0403 2960 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:00:27.0405 2960 ehSched - ok
12:00:27.0471 2960 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:00:27.0477 2960 elxstor - ok
12:00:27.0547 2960 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:00:27.0550 2960 EraserUtilRebootDrv - ok
12:00:27.0623 2960 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:00:27.0623 2960 ErrDev - ok
12:00:27.0662 2960 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:00:27.0667 2960 EventSystem - ok
12:00:27.0689 2960 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:00:27.0692 2960 exfat - ok
12:00:27.0712 2960 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:00:27.0714 2960 fastfat - ok
12:00:27.0808 2960 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:00:27.0815 2960 Fax - ok
12:00:27.0846 2960 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:00:27.0847 2960 fdc - ok
12:00:27.0870 2960 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:00:27.0871 2960 fdPHost - ok
12:00:27.0925 2960 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:00:27.0927 2960 FDResPub - ok
12:00:27.0946 2960 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:00:27.0948 2960 FileInfo - ok
12:00:27.0960 2960 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:00:27.0961 2960 Filetrace - ok
12:00:27.0985 2960 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:00:27.0987 2960 flpydisk - ok
12:00:28.0024 2960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:00:28.0027 2960 FltMgr - ok
12:00:28.0128 2960 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:00:28.0140 2960 FontCache - ok
12:00:28.0196 2960 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:00:28.0197 2960 FontCache3.0.0.0 - ok
12:00:28.0259 2960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:00:28.0261 2960 FsDepends - ok
12:00:28.0315 2960 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
12:00:28.0316 2960 fssfltr - ok
12:00:28.0385 2960 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:00:28.0400 2960 fsssvc - ok
12:00:28.0462 2960 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:00:28.0463 2960 Fs_Rec - ok
12:00:28.0502 2960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:00:28.0505 2960 fvevol - ok
12:00:28.0534 2960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:00:28.0535 2960 gagp30kx - ok
12:00:28.0591 2960 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
12:00:28.0594 2960 GameConsoleService - ok
12:00:28.0640 2960 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:00:28.0642 2960 GamesAppService - ok
12:00:28.0727 2960 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:00:28.0728 2960 GEARAspiWDM - ok
12:00:28.0771 2960 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:00:28.0780 2960 gpsvc - ok
12:00:28.0800 2960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:00:28.0801 2960 hcw85cir - ok
12:00:28.0841 2960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:00:28.0843 2960 HDAudBus - ok
12:00:28.0897 2960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:00:28.0898 2960 HidBatt - ok
12:00:28.0930 2960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:00:28.0932 2960 HidBth - ok
12:00:28.0962 2960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:00:28.0964 2960 HidIr - ok
12:00:28.0992 2960 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:00:28.0994 2960 hidserv - ok
12:00:29.0088 2960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:00:29.0089 2960 HidUsb - ok
12:00:29.0122 2960 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:00:29.0125 2960 hkmsvc - ok
12:00:29.0186 2960 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:00:29.0190 2960 HomeGroupListener - ok
12:00:29.0224 2960 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:00:29.0227 2960 HomeGroupProvider - ok
12:00:29.0303 2960 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:00:29.0305 2960 HP Support Assistant Service - ok
12:00:29.0328 2960 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
12:00:29.0330 2960 HPBtnSrv - ok
12:00:29.0389 2960 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:00:29.0391 2960 HPDrvMntSvc.exe - ok
12:00:29.0451 2960 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
12:00:29.0459 2960 hpqwmiex - ok
12:00:29.0535 2960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:00:29.0537 2960 HpSAMD - ok
12:00:29.0601 2960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:00:29.0609 2960 HTTP - ok
12:00:29.0658 2960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:00:29.0659 2960 hwpolicy - ok
12:00:29.0735 2960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:00:29.0737 2960 i8042prt - ok
12:00:29.0781 2960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:00:29.0786 2960 iaStorV - ok
12:00:29.0863 2960 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:00:29.0865 2960 IDriverT - ok
12:00:29.0949 2960 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:00:29.0958 2960 idsvc - ok
12:00:30.0070 2960 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120323.002\IDSvia64.sys
12:00:30.0076 2960 IDSVia64 - ok
12:00:30.0145 2960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:00:30.0146 2960 iirsp - ok
12:00:30.0189 2960 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:00:30.0198 2960 IKEEXT - ok
12:00:30.0290 2960 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
12:00:30.0315 2960 IntcAzAudAddService - ok
12:00:30.0387 2960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:00:30.0388 2960 intelide - ok
12:00:30.0429 2960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:00:30.0430 2960 intelppm - ok
12:00:30.0445 2960 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:00:30.0447 2960 IPBusEnum - ok
12:00:30.0482 2960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:00:30.0483 2960 IpFilterDriver - ok
12:00:30.0560 2960 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:00:30.0567 2960 iphlpsvc - ok
12:00:30.0610 2960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:00:30.0612 2960 IPMIDRV - ok
12:00:30.0634 2960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:00:30.0636 2960 IPNAT - ok
12:00:30.0703 2960 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
12:00:30.0712 2960 iPod Service - ok
12:00:30.0788 2960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:00:30.0789 2960 IRENUM - ok
12:00:30.0822 2960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:00:30.0823 2960 isapnp - ok
12:00:30.0858 2960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:00:30.0861 2960 iScsiPrt - ok
12:00:30.0921 2960 iWinTrusted (fe1a970e7ce330bb844e333c374c6599) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
12:00:30.0922 2960 iWinTrusted - ok
12:00:31.0007 2960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:00:31.0009 2960 kbdclass - ok
12:00:31.0048 2960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:00:31.0049 2960 kbdhid - ok
12:00:31.0071 2960 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:00:31.0072 2960 KeyIso - ok
12:00:31.0089 2960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:00:31.0091 2960 KSecDD - ok
12:00:31.0145 2960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:00:31.0147 2960 KSecPkg - ok
12:00:31.0178 2960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:00:31.0179 2960 ksthunk - ok
12:00:31.0212 2960 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:00:31.0215 2960 KtmRm - ok
12:00:31.0307 2960 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:00:31.0311 2960 LanmanServer - ok
12:00:31.0354 2960 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:00:31.0357 2960 LanmanWorkstation - ok
12:00:31.0439 2960 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
12:00:31.0451 2960 Lavasoft Ad-Aware Service - ok
12:00:31.0545 2960 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
12:00:31.0546 2960 Lbd - ok
12:00:31.0605 2960 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\Windows\runservice.exe
12:00:31.0606 2960 LicCtrlService - ok
12:00:31.0644 2960 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:00:31.0645 2960 LightScribeService - ok
12:00:31.0683 2960 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
12:00:31.0685 2960 LinksysUpdater - ok
12:00:31.0757 2960 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
12:00:31.0758 2960 lirsgt - ok
12:00:31.0798 2960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:00:31.0799 2960 lltdio - ok
12:00:31.0830 2960 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:00:31.0832 2960 lltdsvc - ok
12:00:31.0893 2960 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:00:31.0895 2960 lmhosts - ok
12:00:31.0936 2960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:00:31.0938 2960 LSI_FC - ok
12:00:31.0957 2960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:00:31.0959 2960 LSI_SAS - ok
12:00:31.0981 2960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:00:31.0983 2960 LSI_SAS2 - ok
12:00:32.0045 2960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:00:32.0046 2960 LSI_SCSI - ok
12:00:32.0087 2960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:00:32.0088 2960 luafv - ok
12:00:32.0180 2960 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
12:00:32.0183 2960 McComponentHostService - ok
12:00:32.0255 2960 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:00:32.0257 2960 Mcx2Svc - ok
12:00:32.0286 2960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:00:32.0287 2960 megasas - ok
12:00:32.0309 2960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:00:32.0313 2960 MegaSR - ok
12:00:32.0358 2960 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:00:32.0360 2960 MMCSS - ok
12:00:32.0391 2960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:00:32.0393 2960 Modem - ok
12:00:32.0423 2960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:00:32.0423 2960 monitor - ok
12:00:32.0464 2960 motandroidusb - ok
12:00:32.0480 2960 motccgp - ok
12:00:32.0489 2960 motccgpfl - ok
12:00:32.0498 2960 motmodem - ok
12:00:32.0507 2960 MotoSwitchService - ok
12:00:32.0516 2960 Motousbnet - ok
12:00:32.0524 2960 motusbdevice - ok
12:00:32.0569 2960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:00:32.0570 2960 mouclass - ok
12:00:32.0596 2960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:00:32.0597 2960 mouhid - ok
12:00:32.0632 2960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:00:32.0634 2960 mountmgr - ok
12:00:32.0697 2960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:00:32.0699 2960 mpio - ok
12:00:32.0738 2960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:00:32.0740 2960 mpsdrv - ok
12:00:32.0782 2960 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:00:32.0791 2960 MpsSvc - ok
12:00:32.0845 2960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:00:32.0848 2960 MRxDAV - ok
12:00:32.0880 2960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:00:32.0883 2960 mrxsmb - ok
12:00:32.0930 2960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:00:32.0933 2960 mrxsmb10 - ok
12:00:32.0947 2960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:00:32.0949 2960 mrxsmb20 - ok
12:00:32.0977 2960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:00:32.0979 2960 msahci - ok
12:00:33.0039 2960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:00:33.0042 2960 msdsm - ok
12:00:33.0065 2960 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:00:33.0068 2960 MSDTC - ok
12:00:33.0110 2960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:00:33.0111 2960 Msfs - ok
12:00:33.0122 2960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:00:33.0123 2960 mshidkmdf - ok
12:00:33.0184 2960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:00:33.0186 2960 msisadrv - ok
12:00:33.0216 2960 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:00:33.0218 2960 MSiSCSI - ok
12:00:33.0225 2960 msiserver - ok
12:00:33.0238 2960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:00:33.0239 2960 MSKSSRV - ok
12:00:33.0288 2960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:00:33.0289 2960 MSPCLOCK - ok
12:00:33.0333 2960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:00:33.0334 2960 MSPQM - ok
12:00:33.0388 2960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:00:33.0392 2960 MsRPC - ok
12:00:33.0441 2960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:00:33.0441 2960 mssmbios - ok
12:00:33.0483 2960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:00:33.0484 2960 MSTEE - ok
12:00:33.0535 2960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:00:33.0537 2960 MTConfig - ok
12:00:33.0572 2960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:00:33.0573 2960 Mup - ok
12:00:33.0639 2960 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:00:33.0645 2960 napagent - ok
12:00:33.0675 2960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:00:33.0678 2960 NativeWifiP - ok
12:00:33.0794 2960 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120325.018\ENG64.SYS
12:00:33.0797 2960 NAVENG - ok
12:00:33.0839 2960 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120325.018\EX64.SYS
12:00:33.0860 2960 NAVEX15 - ok
12:00:33.0961 2960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:00:33.0970 2960 NDIS - ok
12:00:33.0995 2960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:00:33.0996 2960 NdisCap - ok
12:00:34.0022 2960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:00:34.0023 2960 NdisTapi - ok
12:00:34.0101 2960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:00:34.0103 2960 Ndisuio - ok
12:00:34.0134 2960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:00:34.0136 2960 NdisWan - ok
12:00:34.0176 2960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:00:34.0177 2960 NDProxy - ok
12:00:34.0196 2960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:00:34.0198 2960 NetBIOS - ok
12:00:34.0284 2960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:00:34.0288 2960 NetBT - ok
12:00:34.0312 2960 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:00:34.0313 2960 Netlogon - ok
12:00:34.0345 2960 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:00:34.0350 2960 Netman - ok
12:00:34.0412 2960 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:00:34.0418 2960 netprofm - ok
12:00:34.0449 2960 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:00:34.0451 2960 NetTcpPortSharing - ok
12:00:34.0482 2960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:00:34.0483 2960 nfrd960 - ok
12:00:34.0556 2960 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
12:00:34.0557 2960 NIS - ok
12:00:34.0635 2960 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:00:34.0639 2960 NlaSvc - ok
12:00:34.0702 2960 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
12:00:34.0709 2960 nmservice - ok
12:00:34.0729 2960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:00:34.0731 2960 Npfs - ok
12:00:34.0791 2960 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:00:34.0793 2960 nsi - ok
12:00:34.0807 2960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:00:34.0808 2960 nsiproxy - ok
12:00:34.0877 2960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:00:34.0895 2960 Ntfs - ok
12:00:34.0953 2960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:00:34.0954 2960 Null - ok
12:00:34.0993 2960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:00:34.0995 2960 nvraid - ok
12:00:35.0019 2960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:00:35.0021 2960 nvstor - ok
12:00:35.0036 2960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:00:35.0038 2960 nv_agp - ok
12:00:35.0075 2960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:00:35.0077 2960 ohci1394 - ok
12:00:35.0131 2960 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:00:35.0136 2960 p2pimsvc - ok
12:00:35.0168 2960 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:00:35.0175 2960 p2psvc - ok
12:00:35.0199 2960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:00:35.0201 2960 Parport - ok
12:00:35.0235 2960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:00:35.0237 2960 partmgr - ok
12:00:35.0289 2960 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:00:35.0292 2960 PcaSvc - ok
12:00:35.0372 2960 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
12:00:35.0377 2960 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
12:00:35.0467 2960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:00:35.0469 2960 pci - ok
12:00:35.0501 2960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:00:35.0502 2960 pciide - ok
12:00:35.0526 2960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:00:35.0529 2960 pcmcia - ok
12:00:35.0560 2960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:00:35.0562 2960 pcw - ok
12:00:35.0592 2960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:00:35.0600 2960 PEAUTH - ok
12:00:35.0660 2960 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:00:35.0662 2960 PerfHost - ok
12:00:35.0740 2960 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:00:35.0756 2960 pla - ok
12:00:35.0819 2960 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:00:35.0825 2960 PlugPlay - ok
12:00:35.0890 2960 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
12:00:35.0891 2960 pnarp - ok
12:00:35.0902 2960 PnkBstrA - ok
12:00:35.0921 2960 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:00:35.0923 2960 PNRPAutoReg - ok
12:00:35.0956 2960 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:00:35.0959 2960 PNRPsvc - ok
12:00:35.0999 2960 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:00:36.0005 2960 PolicyAgent - ok
12:00:36.0050 2960 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:00:36.0054 2960 Power - ok
12:00:36.0127 2960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:00:36.0129 2960 PptpMiniport - ok
12:00:36.0157 2960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:00:36.0159 2960 Processor - ok
12:00:36.0224 2960 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:00:36.0227 2960 ProfSvc - ok
12:00:36.0270 2960 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:00:36.0271 2960 ProtectedStorage - ok
12:00:36.0316 2960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:00:36.0318 2960 Psched - ok
12:00:36.0388 2960 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
12:00:36.0389 2960 PSSDK42 - ok
12:00:36.0435 2960 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
12:00:36.0436 2960 purendis - ok
12:00:36.0482 2960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:00:36.0498 2960 ql2300 - ok
12:00:36.0541 2960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:00:36.0543 2960 ql40xx - ok
12:00:36.0594 2960 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:00:36.0599 2960 QWAVE - ok
12:00:36.0628 2960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:00:36.0630 2960 QWAVEdrv - ok
12:00:36.0642 2960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:00:36.0643 2960 RasAcd - ok
12:00:36.0688 2960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:00:36.0689 2960 RasAgileVpn - ok
12:00:36.0732 2960 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:00:36.0734 2960 RasAuto - ok
12:00:36.0775 2960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:00:36.0777 2960 Rasl2tp - ok
12:00:36.0814 2960 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:00:36.0820 2960 RasMan - ok
12:00:36.0868 2960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:00:36.0870 2960 RasPppoe - ok
12:00:36.0910 2960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:00:36.0912 2960 RasSstp - ok
12:00:36.0949 2960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:00:36.0953 2960 rdbss - ok
12:00:36.0977 2960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:00:36.0979 2960 rdpbus - ok
12:00:37.0000 2960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:00:37.0001 2960 RDPCDD - ok
12:00:37.0050 2960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:00:37.0051 2960 RDPENCDD - ok
12:00:37.0080 2960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:00:37.0081 2960 RDPREFMP - ok
12:00:37.0098 2960 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:00:37.0101 2960 RDPWD - ok
12:00:37.0137 2960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:00:37.0140 2960 rdyboost - ok
12:00:37.0162 2960 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:00:37.0165 2960 RemoteAccess - ok
12:00:37.0202 2960 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:00:37.0205 2960 RemoteRegistry - ok
12:00:37.0247 2960 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:00:37.0249 2960 RpcEptMapper - ok
12:00:37.0273 2960 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:00:37.0275 2960 RpcLocator - ok
12:00:37.0325 2960 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
12:00:37.0329 2960 RpcSs - ok
12:00:37.0381 2960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:00:37.0383 2960 rspndr - ok
12:00:37.0433 2960 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:00:37.0435 2960 RTL8167 - ok
12:00:37.0473 2960 RzSynapse (d2ceff3befe9c468717b6bb7fa4a5e44) C:\Windows\system32\DRIVERS\RzSynapse.sys
12:00:37.0474 2960 RzSynapse - ok
12:00:37.0520 2960 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:00:37.0521 2960 SamSs - ok
12:00:37.0558 2960 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:00:37.0560 2960 sbp2port - ok
12:00:37.0656 2960 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:00:37.0668 2960 SBSDWSCService - ok
12:00:37.0734 2960 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:00:37.0737 2960 SCardSvr - ok
12:00:37.0783 2960 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:00:37.0784 2960 scfilter - ok
12:00:37.0834 2960 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:00:37.0847 2960 Schedule - ok
12:00:37.0925 2960 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:00:37.0926 2960 SCPolicySvc - ok
12:00:37.0943 2960 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:00:37.0946 2960 SDRSVC - ok
12:00:37.0976 2960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:00:37.0977 2960 secdrv - ok
12:00:37.0989 2960 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:00:37.0991 2960 seclogon - ok
12:00:38.0059 2960 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:00:38.0061 2960 SENS - ok
12:00:38.0075 2960 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:00:38.0077 2960 SensrSvc - ok
12:00:38.0098 2960 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:00:38.0099 2960 Serenum - ok
12:00:38.0127 2960 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:00:38.0129 2960 Serial - ok
12:00:38.0202 2960 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:00:38.0204 2960 sermouse - ok
12:00:38.0246 2960 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:00:38.0248 2960 SessionEnv - ok
12:00:38.0277 2960 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:00:38.0278 2960 sffdisk - ok
12:00:38.0292 2960 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:00:38.0293 2960 sffp_mmc - ok
12:00:38.0306 2960 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:00:38.0307 2960 sffp_sd - ok
12:00:38.0366 2960 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:00:38.0367 2960 sfloppy - ok
12:00:38.0404 2960 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:00:38.0409 2960 SharedAccess - ok
12:00:38.0450 2960 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:00:38.0455 2960 ShellHWDetection - ok
12:00:38.0485 2960 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:00:38.0486 2960 SiSRaid2 - ok
12:00:38.0543 2960 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:00:38.0545 2960 SiSRaid4 - ok
12:00:38.0575 2960 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:00:38.0577 2960 Smb - ok
12:00:38.0617 2960 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:00:38.0620 2960 SNMPTRAP - ok
12:00:38.0638 2960 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:00:38.0639 2960 spldr - ok
12:00:38.0721 2960 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:00:38.0727 2960 Spooler - ok
12:00:38.0815 2960 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:00:38.0851 2960 sppsvc - ok
12:00:38.0914 2960 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:00:38.0916 2960 sppuinotify - ok
12:00:38.0959 2960 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
12:00:38.0965 2960 SRTSP - ok
12:00:38.0979 2960 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
12:00:38.0980 2960 SRTSPX - ok
12:00:39.0016 2960 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:00:39.0022 2960 srv - ok
12:00:39.0075 2960 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:00:39.0080 2960 srv2 - ok
12:00:39.0102 2960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:00:39.0104 2960 srvnet - ok
12:00:39.0138 2960 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:00:39.0141 2960 SSDPSRV - ok
12:00:39.0218 2960 SSMO3v2Filter (d1e083d50f354a1840c9df1c62437bc9) C:\Windows\system32\drivers\MO3v2Driver.sys
12:00:44.0349 2960 MBR (0x1B8) (97c4241adcb2e49b23d35d9ba3da370c) \Device\Harddisk0\DR0
12:00:44.0543 2960 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:00:44.0544 2960 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:00:44.0547 2960 Boot (0x1200) (d6f7a9b5b9efc3a60f637bd61806edc8) \Device\Harddisk0\DR0\Partition0
12:00:44.0548 2960 \Device\Harddisk0\DR0\Partition0 - ok
12:00:44.0578 2960 Boot (0x1200) (d53efde084897c5098f255ab1f9c1455) \Device\Harddisk0\DR0\Partition1
12:00:44.0579 2960 \Device\Harddisk0\DR0\Partition1 - ok
12:00:44.0615 2960 Boot (0x1200) (e20307073b79529e116cd240b7831ffb) \Device\Harddisk0\DR0\Partition2
12:00:44.0616 2960 \Device\Harddisk0\DR0\Partition2 - ok
12:00:44.0617 2960 ============================================================
12:00:44.0617 2960 Scan finished
12:00:44.0617 2960 ============================================================
12:00:44.0631 5172 Detected object count: 1
12:00:44.0631 5172 Actual detected object count: 1
12:00:52.0759 5172 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:00:52.0843 5172 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:00:52.0905 5172 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:00:52.0916 5172 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:00:52.0978 5172 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:00:53.0055 5172 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:00:53.0065 5172 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:00:53.0069 5172 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:00:53.0111 5172 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:00:53.0130 5172 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:00:53.0134 5172 \Device\Harddisk0\DR0\TDLFS\ubxw - copied to quarantine
12:00:53.0151 5172 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:00:53.0185 5172 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:00:53.0192 5172 \Device\Harddisk0\DR0\TDLFS - deleted
12:00:53.0192 5172 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
12:01:44.0476 4784 Deinitialize success

#12 tarreg01

  • Topic Starter

Posted 27 March 2012 - 07:03 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Travis :: TRAVIS-PC [administrator]

3/27/2012 7:53:08 AM
mbam-log-2012-03-27 (07-53-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219459
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\hdpkf.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

(end)

#13 tarreg01

  • Topic Starter

Posted 27 March 2012 - 02:21 PM

C:\TDSSKiller_Quarantine\26.03.2012_11.59.54\tdlfs0000\tsk0006.dta Win64/Olmarik.AG trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm JS/Kryptik.KP.Gen trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm JS/Kryptik.KP.Gen trojan

#14 CatByte

  • Malware Response Team

Posted 27 March 2012 - 05:20 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm 


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please advise how your computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 tarreg01

  • Topic Starter

Posted 27 March 2012 - 06:27 PM

So it is worth noting that I had no security software showing in the system tray. I went into the task manager and disabled Norton and Ad-Aware. The log I am about to post seems to imply that they were still running. Not sure what to do. Also, and I suspect this is a problem... I am unable to update Adobe or JRE. The links supplied do not work. I suspect it is a redirect/symptom.

ComboFix 12-03-27.03 - Travis 03/27/2012 18:43:22.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.7428 [GMT -4:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
Command switches used :: c:\users\Travis\Desktop\cfscript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T14M9YXB\google[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 22:52 . 2012-03-27 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 18:01 . 2012-03-22 18:01 -------- d-----w- c:\program files (x86)\ESET
2012-03-22 13:08 . 2012-03-22 13:08 -------- d-----w- C:\_OTL
2012-03-22 11:50 . 2012-03-27 19:21 12464 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2012-03-22 10:59 . 2012-03-22 11:00 -------- d-----w- c:\users\test admin
2012-03-22 08:23 . 2012-03-22 00:24 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-22 00:34 . 2012-03-22 00:24 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-22 00:26 . 2012-03-22 00:26 388096 ----a-r- c:\users\Travis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-22 00:26 . 2012-03-22 00:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-22 00:24 . 2012-03-22 00:28 -------- d-----w- c:\users\Travis\AppData\Local\adawarebp
2012-03-22 00:23 . 2012-03-26 16:38 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-22 00:23 . 2012-03-22 00:23 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-22 00:23 . 2012-03-22 00:23 -------- d-----w- c:\program files (x86)\adawaretb
2012-03-22 00:23 . 2012-03-20 17:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-22 00:23 . 2012-03-22 00:23 -------- d-----w- c:\programdata\Lavasoft
2012-03-22 00:23 . 2012-03-22 00:23 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-22 00:10 . 2012-03-22 00:10 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 00:10 . 2012-03-22 00:10 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-21 03:01 . 2012-03-21 03:01 -------- d-----w- c:\programdata\ATI
2012-03-21 02:58 . 2012-03-21 03:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-21 02:58 . 2012-03-21 02:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-21 02:55 . 2012-03-21 02:55 -------- d-----w- c:\programdata\AMD
2012-03-21 02:55 . 2012-03-21 02:55 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-21 02:55 . 2012-03-21 02:55 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-21 02:43 . 2012-03-21 02:43 -------- d-----w- C:\AMD
2012-03-21 02:37 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-21 02:37 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-21 02:37 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-21 02:30 . 2012-03-26 16:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 00:44 . 2012-03-21 00:44 -------- d-----w- c:\users\Travis\AppData\Roaming\Malwarebytes
2012-03-21 00:44 . 2012-03-21 01:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-21 00:44 . 2012-03-21 00:44 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 00:44 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:11 . 2012-03-21 00:11 -------- d-----w- C:\bcfc72ca03d941dc4215a618a1
2012-03-21 00:11 . 2012-03-21 00:11 -------- d-----w- C:\a1bd0fb052432ed4669e
2012-03-20 12:48 . 2012-03-20 12:48 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-20 12:47 . 2012-03-20 15:09 -------- d-----w- C:\3ed8943729bfa6b0d7ce1b9872e83e
2012-03-19 12:11 . 2010-05-06 04:01 53808 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-03-14 16:57 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:11 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:11 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:11 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:11 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:11 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:11 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:11 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 23:34 . 2012-03-08 23:34 -------- d-----w- c:\program files\iPod
2012-03-08 23:33 . 2012-03-08 23:35 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 02:38 . 2011-07-07 11:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2010-04-20 21:01 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-02-03 04:22 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2010-09-08 06:52 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2009-08-31 19:26 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2010-09-08 06:28 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2009-08-31 19:26 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2009-08-31 19:26 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2010-09-08 06:22 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-02-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-10-26 01:22 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-09-08 06:14 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2010-09-08 06:14 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2010-09-08 06:14 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-01 01:01 . 2012-02-01 01:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 10:02 . 2012-01-31 10:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-16 02:31 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 02:31 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 02:31 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 02:31 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2001-09-28 22:00 . 2010-01-29 01:25 164864 ----a-w- c:\program files (x86)\UNWISE.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_20.23.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-31 18:46 . 2012-03-27 22:56 66962 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-27 22:56 30318 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-06 00:58 . 2012-03-27 22:56 22074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1390726574-1558118168-470798459-1001_UserData.bin
- 2009-12-05 18:49 . 2012-03-22 13:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-05 18:49 . 2012-03-26 14:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-22 13:17 . 2012-03-26 14:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-22 13:17 . 2012-03-22 13:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-22 13:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-26 14:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-24 20:21 . 2012-03-24 20:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-27 22:54 . 2012-03-27 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 20:21 . 2012-03-24 20:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 22:54 . 2012-03-27 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-03-27 22:54 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-24 20:21 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-05 23:34 . 2012-03-26 18:06 411196 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2012-03-27 22:30 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-24 19:54 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-24 20:21 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 22:54 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 08:26 . 2012-03-27 22:30 4967920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-16 08:26 . 2012-03-24 19:55 4967920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 04:54 . 2012-03-27 22:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 20:21 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 00:55 . 2012-03-27 22:30 24157248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1390726574-1558118168-470798459-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-11 1242448]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-03-10 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"NetWorx"="c:\program files (x86)\NetWorx\networx.exe" [2010-01-25 2892288]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2010-12-23 1987072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-02-28 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/10/27 21:15;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-22 17152]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-06-10 23536]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120324.004\IDSvia64.sys [2012-03-06 488568]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-22 2152152]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-05-01 2560]
S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-07 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\HPCeeScheduleForTravis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=1_0&u=0F63BFA6AB623D0867FF544F6A711432
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\j1fmjcb3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1678857&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://drudgereport.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:67,6f,53,46,28,97,d2,3a,39,67,f6,99,47,b8,25,b0,04,5c,26,87,a1,5c,2f,
9f,4c,2e,b6,b2,40,a4,5b,a3,c8,a0,89,fd,bc,86,e1,50,12,84,fb,98,79,49,ec,af,\
"??"=hex:4a,72,cc,36,c2,36,47,bb,97,c7,9d,de,ff,5a,c2,15
.
[HKEY_USERS\S-1-5-21-1390726574-1558118168-470798459-1001\Software\SecuROM\License information*]
"datasecu"=hex:9f,b5,bf,8d,d0,ef,76,b8,e8,b1,40,7c,bf,eb,97,6a,19,a8,40,b5,9d,
5f,60,51,d3,de,9b,5c,34,02,54,24,3f,ef,1f,70,c6,28,f0,bb,24,31,5b,ef,02,b0,\
"rkeysecu"=hex:9d,64,f9,67,ca,0c,b3,6e,5d,9c,65,6b,69,ab,e1,3c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\C86C7C0BEFF8CAE2B445F63B38B4A204]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-27 19:02:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 23:02
ComboFix2.txt 2012-03-26 16:30
ComboFix3.txt 2012-03-24 20:31
.
Pre-Run: 633,833,668,608 bytes free
Post-Run: 633,742,917,632 bytes free
.
- - End Of File - - B06655A06B7DEA9DA697B91B703C5606



