Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect infomash malware/virus


  • This topic is locked This topic is locked
16 replies to this topic

#1 ParkGord

ParkGord

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 23 June 2012 - 09:44 AM

Since last wek, I keep on getting redirected to other websites including infomash. I am using Internet Explorer and running Windows 7 Professional. I have tried several malawre programs but none have fixed the problem. Please help. I posted my DDS log below and also attached the Attach.txt file. Thank you for yoru help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by PGordon at 10:09:49 on 2012-06-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6092.3699 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Users\pgordon\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Defrag.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
TB: {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "C:\Users\pgordon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON88DEAA] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S627C.tmp" /EF "HKCU"
uRun: [MusicManager] "C:\Users\pgordon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
uRun: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SB0EA.tmp" /EF "HKCU"
uRun: [ExtractNow] rundll32.exe "C:\Users\pgordon\AppData\Local\Google\ExtractNow\dqzev.dll",CreateInstance
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7A80BA66-DC12-4618-86C2-7BBCC39C3236} : DhcpNameServer = 192.168.0.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: Advertising Cookie Opt-out - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
TB-X64: {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 c2scsi64;c2scsi64;C:\Windows\system32\DRIVERS\c2scsi64.sys --> C:\Windows\system32\DRIVERS\c2scsi64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-3 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-3 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-3 1692480]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-12-6 1775344]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-3 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-13 138360]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 tihub3;TI USB3 Hub Service;C:\Windows\system32\DRIVERS\tihub3.sys --> C:\Windows\system32\DRIVERS\tihub3.sys [?]
R3 tixhci;TI XHCI Service;C:\Windows\system32\DRIVERS\tixhci.sys --> C:\Windows\system32\DRIVERS\tixhci.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-6 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 253600]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-6 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-23 14:00:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFB9A8C9-99FB-4A61-A588-334D062863A4}\offreg.dll
2012-06-23 13:53:28 -------- d-----w- C:\ProgramData\GFI Software
2012-06-23 13:22:33 -------- d-----w- C:\Users\pgordon\AppData\Roaming\SUPERAntiSpyware.com
2012-06-23 13:22:10 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-23 13:22:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-23 13:16:22 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-23 13:15:14 -------- d-----w- C:\Program Files (x86)\Hitman Pro 3.5
2012-06-23 12:46:46 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2012-06-23 12:46:26 -------- d-----w- C:\Users\pgordon\AppData\Roaming\Systweak
2012-06-23 12:46:25 18832 ----a-w- C:\Windows\System32\roboot64.exe
2012-06-23 12:45:41 -------- d--h--w- C:\ProgramData\Common Files
2012-06-23 12:44:05 388096 ----a-r- C:\Users\pgordon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-23 12:44:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-23 11:53:07 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFB9A8C9-99FB-4A61-A588-334D062863A4}\mpengine.dll
2012-06-22 02:18:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-22 02:18:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-22 01:09:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-21 21:54:03 -------- d-----w- C:\ProgramData\AVAST Software
2012-06-21 21:54:03 -------- d-----w- C:\Program Files\AVAST Software
2012-06-21 00:17:21 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{254A7CE3-EB1E-4A19-8979-BBD1A86EEF13}\gapaengine.dll
2012-06-21 00:15:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-21 00:15:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-19 22:31:00 -------- d-----w- C:\Users\pgordon\AppData\Roaming\WinPatrol
2012-06-18 21:30:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-18 21:30:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-18 21:30:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 21:30:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 23:05:38 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-06-17 23:05:35 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-06-17 23:03:30 -------- d-----w- C:\Program Files (x86)\Plex
2012-06-15 00:47:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-15 00:47:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-08 10:58:15 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-08 10:58:12 -------- d-----w- C:\Users\pgordon\AppData\Roaming\DAEMON Tools Lite
2012-06-08 10:58:10 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-06-08 10:57:01 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-06-08 10:55:44 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-06-08 10:55:39 -------- d-----w- C:\ProgramData\Tarma Installer
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-13 02:35:27 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 02:35:27 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:10:26.47 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 23 June 2012 - 11:23 PM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Symantec Endpoint Protection
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ParkGord

ParkGord
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 25 June 2012 - 09:47 PM

Thank you for your help. I removed the extra anti-virus software as you instructed and I also ran the security check. The results are below. I am still getting redirected to other websietes when I click on google search results. Please help.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 24
Java™ 6 Update 27
Java version out of Date!
Adobe Reader X (10.1.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 25 June 2012 - 10:20 PM

please run combofix as instructed in my last post


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 27 June 2012 - 11:31 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 01 July 2012 - 12:02 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ParkGord

ParkGord
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 02 July 2012 - 11:09 AM

Thanks for your help so far. I ran combofix. It removed a few suspicious files and my computer seems to be all better now.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 02 July 2012 - 09:22 PM

Hello

that is just a small part of the fix so please send me the report from combofix so we can get this computer cleaned up

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\ComboFix.txt

  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ParkGord

ParkGord
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 04 July 2012 - 08:14 PM

Thanks again for your help. Here is the ComboFix log...

ComboFix 12-06-26.01 - PGordon 06/26/2012 11:38:39.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6092.4077 [GMT -4:00]
Running from: c:\users\pgordon\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\430266g8g434x342c241p4vjs8y0
c:\programdata\4a84036088yxr260
c:\programdata\Roaming
c:\users\pgordon\AppData\Local\Google\ExtractNow\dqzev.dll
c:\users\TEMP\prf8229.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 15:43 . 2012-06-26 15:43 -------- d-----w- c:\users\tnucifore\AppData\Local\temp
2012-06-23 13:53 . 2012-06-23 13:53 -------- d-----w- c:\programdata\GFI Software
2012-06-23 13:16 . 2012-06-23 13:19 -------- d-----w- c:\programdata\HitmanPro
2012-06-23 13:15 . 2012-06-23 13:15 -------- d-----w- c:\program files (x86)\Hitman Pro 3.5
2012-06-23 12:46 . 2008-11-21 04:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
2012-06-23 12:46 . 2012-06-23 12:53 -------- d-----w- c:\users\pgordon\AppData\Roaming\Systweak
2012-06-23 12:46 . 2012-06-05 17:34 18832 ----a-w- c:\windows\system32\roboot64.exe
2012-06-23 12:45 . 2012-06-23 12:45 -------- d--h--w- c:\programdata\Common Files
2012-06-22 02:18 . 2012-06-25 22:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-22 02:18 . 2012-06-25 22:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-21 21:56 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-21 21:54 . 2012-06-22 00:57 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 21:54 . 2012-06-21 21:55 -------- d-----w- c:\program files\AVAST Software
2012-06-19 22:31 . 2012-06-19 22:31 -------- d-----w- c:\users\pgordon\AppData\Roaming\WinPatrol
2012-06-18 21:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 21:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 21:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 21:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 21:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 21:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 21:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 21:30 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 21:30 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 23:05 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-06-17 23:05 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-06-17 23:03 . 2012-06-18 21:21 -------- d-----w- c:\program files (x86)\Plex
2012-06-15 00:47 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-15 00:47 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-08 10:58 . 2012-06-08 10:58 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-08 10:58 . 2012-06-08 10:59 -------- d-----w- c:\users\pgordon\AppData\Roaming\DAEMON Tools Lite
2012-06-08 10:58 . 2012-06-08 10:58 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-06-08 10:57 . 2012-06-08 10:57 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-06-08 10:55 . 2012-06-22 02:25 -------- d-----w- c:\program files (x86)\Yontoo
2012-06-08 10:55 . 2012-06-08 10:55 -------- d-----w- c:\programdata\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 02:35 . 2012-04-13 02:35 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 02:35 . 2011-12-04 00:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-12-28 02:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-12 22:29 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\pgordon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-12-06 115560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-1500820517-682003330-1120\Scripts\Logon\0\0]
"Script"=logonscript.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-1500820517-682003330-1153\Scripts\Logon\0\0]
"Script"=logonscript.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253600]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 c2scsi64;c2scsi64;c:\windows\system32\DRIVERS\c2scsi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-04 94024]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-23 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:35]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 23:19]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 23:19]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1500820517-682003330-1153Core.job
- c:\users\pgordon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 00:00]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1500820517-682003330-1153UA.job
- c:\users\pgordon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 00:00]
.
2012-06-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-06-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-14 7233640]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-14 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-14 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-02-11 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-07-15 6517104]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.10.10
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
Wow6432Node-HKCU-Run-ExtractNow - c:\users\pgordon\AppData\Local\Google\ExtractNow\dqzev.dll
Wow6432Node-HKLM-Run-WinPatrol - c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
WebBrowser-{124D001A-BDCB-472F-AA59-BBE7E4BC3204} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-26 11:45:20
ComboFix-quarantined-files.txt 2012-06-26 15:45
.
Pre-Run: 291,529,703,424 bytes free
Post-Run: 291,599,179,776 bytes free
.
- - End Of File - - AD39254C81B6491AEB328547AABF39B3

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 04 July 2012 - 08:18 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ParkGord

ParkGord
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 05 July 2012 - 08:21 PM

Below is the Kaspersky Log. No Threats were found.

21:14:37.0539 7184 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
21:14:37.0814 7184 ============================================================
21:14:37.0814 7184 Current date / time: 2012/07/05 21:14:37.0814
21:14:37.0814 7184 SystemInfo:
21:14:37.0814 7184
21:14:37.0814 7184 OS Version: 6.1.7601 ServicePack: 1.0
21:14:37.0814 7184 Product type: Workstation
21:14:37.0814 7184 ComputerName: PGORDON-PC
21:14:37.0814 7184 UserName: PGordon
21:14:37.0814 7184 Windows directory: C:\Windows
21:14:37.0814 7184 System windows directory: C:\Windows
21:14:37.0814 7184 Running under WOW64
21:14:37.0814 7184 Processor architecture: Intel x64
21:14:37.0814 7184 Number of processors: 4
21:14:37.0814 7184 Page size: 0x1000
21:14:37.0814 7184 Boot type: Normal boot
21:14:37.0814 7184 ============================================================
21:14:40.0725 7184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:40.0781 7184 ============================================================
21:14:40.0781 7184 \Device\Harddisk0\DR0:
21:14:40.0793 7184 MBR partitions:
21:14:40.0793 7184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000
21:14:40.0793 7184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x388F0000
21:14:40.0793 7184 ============================================================
21:14:40.0884 7184 C: <-> \Device\Harddisk0\DR0\Partition1
21:14:40.0884 7184 ============================================================
21:14:40.0884 7184 Initialize success
21:14:40.0884 7184 ============================================================
21:14:42.0713 5644 ============================================================
21:14:42.0713 5644 Scan started
21:14:42.0713 5644 Mode: Manual;
21:14:42.0713 5644 ============================================================
21:17:23.0093 8080 ============================================================
21:17:23.0093 8080 Scan started
21:17:23.0093 8080 Mode: Manual;
21:17:23.0093 8080 ============================================================
21:17:23.0432 8080 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:17:23.0454 8080 1394ohci - ok
21:17:23.0486 8080 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
21:17:23.0509 8080 Acceler - ok
21:17:23.0561 8080 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:17:23.0569 8080 ACPI - ok
21:17:23.0596 8080 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:17:23.0605 8080 AcpiPmi - ok
21:17:23.0707 8080 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:17:23.0709 8080 AdobeARMservice - ok
21:17:23.0818 8080 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:23.0824 8080 AdobeFlashPlayerUpdateSvc - ok
21:17:23.0891 8080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:17:23.0932 8080 adp94xx - ok
21:17:24.0001 8080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:17:24.0050 8080 adpahci - ok
21:17:24.0071 8080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:17:24.0085 8080 adpu320 - ok
21:17:24.0118 8080 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:17:24.0119 8080 AeLookupSvc - ok
21:17:24.0195 8080 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:17:24.0198 8080 AERTFilters - ok
21:17:24.0257 8080 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:17:24.0261 8080 AFD - ok
21:17:24.0293 8080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:17:24.0321 8080 agp440 - ok
21:17:24.0337 8080 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:17:24.0338 8080 ALG - ok
21:17:24.0367 8080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:17:24.0377 8080 aliide - ok
21:17:24.0386 8080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:17:24.0397 8080 amdide - ok
21:17:24.0411 8080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:17:24.0426 8080 AmdK8 - ok
21:17:24.0453 8080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:17:24.0465 8080 AmdPPM - ok
21:17:24.0497 8080 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:17:24.0527 8080 amdsata - ok
21:17:24.0555 8080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:17:24.0587 8080 amdsbs - ok
21:17:24.0606 8080 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:17:24.0607 8080 amdxata - ok
21:17:24.0637 8080 AMPPAL (3bc90482a834f998c3b7a9c934a20342) C:\Windows\system32\DRIVERS\AMPPAL.sys
21:17:24.0658 8080 AMPPAL - ok
21:17:24.0661 8080 AMPPALP (3bc90482a834f998c3b7a9c934a20342) C:\Windows\system32\DRIVERS\amppal.sys
21:17:24.0663 8080 AMPPALP - ok
21:17:24.0775 8080 AMPPALR3 (a47d7febd9381d34ddb4ff38b15a67fe) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
21:17:24.0785 8080 AMPPALR3 - ok
21:17:24.0912 8080 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:17:24.0945 8080 AppID - ok
21:17:24.0978 8080 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:17:24.0994 8080 AppIDSvc - ok
21:17:25.0020 8080 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:17:25.0021 8080 Appinfo - ok
21:17:25.0105 8080 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:25.0108 8080 Apple Mobile Device - ok
21:17:25.0179 8080 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:17:25.0203 8080 AppMgmt - ok
21:17:25.0240 8080 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:17:25.0275 8080 arc - ok
21:17:25.0291 8080 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:17:25.0306 8080 arcsas - ok
21:17:25.0403 8080 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:17:25.0419 8080 aspnet_state - ok
21:17:25.0450 8080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:17:25.0465 8080 AsyncMac - ok
21:17:25.0491 8080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:17:25.0518 8080 atapi - ok
21:17:25.0585 8080 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:17:25.0599 8080 AudioEndpointBuilder - ok
21:17:25.0609 8080 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:17:25.0612 8080 AudioSrv - ok
21:17:25.0642 8080 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:17:25.0648 8080 AxInstSV - ok
21:17:25.0704 8080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:17:25.0729 8080 b06bdrv - ok
21:17:25.0767 8080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:17:25.0798 8080 b57nd60a - ok
21:17:25.0830 8080 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:17:25.0841 8080 BDESVC - ok
21:17:25.0863 8080 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:17:25.0881 8080 Beep - ok
21:17:25.0941 8080 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:17:25.0955 8080 BFE - ok
21:17:26.0018 8080 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:17:26.0029 8080 BITS - ok
21:17:26.0086 8080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:17:26.0116 8080 blbdrive - ok
21:17:26.0228 8080 Bluetooth Device Monitor (0f46d2845bd7ddaca52340ecc2b65da3) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:17:26.0247 8080 Bluetooth Device Monitor - ok
21:17:26.0312 8080 Bluetooth Media Service (3341de556ec28252d603277609eef8bf) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:17:26.0329 8080 Bluetooth Media Service - ok
21:17:26.0384 8080 Bluetooth OBEX Service (5d5c3ec9be1107dedf0feb55b7f3bd77) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:17:26.0396 8080 Bluetooth OBEX Service - ok
21:17:26.0464 8080 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:17:26.0473 8080 Bonjour Service - ok
21:17:26.0585 8080 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:17:26.0588 8080 bowser - ok
21:17:26.0624 8080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:17:26.0656 8080 BrFiltLo - ok
21:17:26.0674 8080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:17:26.0683 8080 BrFiltUp - ok
21:17:26.0742 8080 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:17:26.0762 8080 BridgeMP - ok
21:17:26.0799 8080 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:17:26.0801 8080 Browser - ok
21:17:26.0825 8080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:17:26.0868 8080 Brserid - ok
21:17:26.0885 8080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:17:26.0897 8080 BrSerWdm - ok
21:17:26.0913 8080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:17:26.0922 8080 BrUsbMdm - ok
21:17:26.0932 8080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:17:26.0941 8080 BrUsbSer - ok
21:17:26.0969 8080 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
21:17:26.0995 8080 BthEnum - ok
21:17:27.0029 8080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:17:27.0062 8080 BTHMODEM - ok
21:17:27.0088 8080 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:17:27.0098 8080 BthPan - ok
21:17:27.0130 8080 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:17:27.0146 8080 BTHPORT - ok
21:17:27.0189 8080 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:17:27.0192 8080 bthserv - ok
21:17:27.0282 8080 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
21:17:27.0286 8080 BTHSSecurityMgr - ok
21:17:27.0302 8080 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:17:27.0313 8080 BTHUSB - ok
21:17:27.0358 8080 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\Windows\system32\drivers\btmaud.sys
21:17:27.0394 8080 btmaudio - ok
21:17:27.0407 8080 btmaux (ab0a33001fe7ebb209d9d52ced11be1a) C:\Windows\system32\DRIVERS\btmaux.sys
21:17:27.0417 8080 btmaux - ok
21:17:27.0434 8080 btmhsf (5ba4c6f82a5ca3307c0579d9f7b36e28) C:\Windows\system32\DRIVERS\btmhsf.sys
21:17:27.0449 8080 btmhsf - ok
21:17:27.0508 8080 c2scsi64 (59626ab5920f316bdbfdc8b47521a882) C:\Windows\system32\DRIVERS\c2scsi64.sys
21:17:27.0534 8080 c2scsi64 - ok
21:17:27.0573 8080 catchme - ok
21:17:27.0655 8080 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:17:27.0658 8080 ccEvtMgr - ok
21:17:27.0676 8080 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:17:27.0679 8080 ccSetMgr - ok
21:17:27.0722 8080 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:17:27.0742 8080 cdfs - ok
21:17:27.0768 8080 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:17:27.0781 8080 cdrom - ok
21:17:27.0817 8080 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:17:27.0823 8080 CertPropSvc - ok
21:17:27.0844 8080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:17:27.0862 8080 circlass - ok
21:17:27.0895 8080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:17:27.0903 8080 CLFS - ok
21:17:27.0977 8080 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:28.0015 8080 clr_optimization_v2.0.50727_32 - ok
21:17:28.0066 8080 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:17:28.0103 8080 clr_optimization_v2.0.50727_64 - ok
21:17:28.0167 8080 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:28.0197 8080 clr_optimization_v4.0.30319_32 - ok
21:17:28.0256 8080 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:17:28.0309 8080 clr_optimization_v4.0.30319_64 - ok
21:17:28.0333 8080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:17:28.0358 8080 CmBatt - ok
21:17:28.0378 8080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:17:28.0388 8080 cmdide - ok
21:17:28.0437 8080 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:17:28.0449 8080 CNG - ok
21:17:28.0465 8080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:17:28.0466 8080 Compbatt - ok
21:17:28.0484 8080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:17:28.0517 8080 CompositeBus - ok
21:17:28.0530 8080 COMSysApp - ok
21:17:28.0552 8080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:17:28.0579 8080 crcdisk - ok
21:17:28.0635 8080 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:17:28.0639 8080 CryptSvc - ok
21:17:28.0712 8080 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:17:28.0740 8080 CSC - ok
21:17:28.0773 8080 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:17:28.0788 8080 CscService - ok
21:17:28.0820 8080 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:17:28.0849 8080 CtClsFlt - ok
21:17:28.0896 8080 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:17:28.0902 8080 DcomLaunch - ok
21:17:28.0944 8080 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:17:28.0958 8080 defragsvc - ok
21:17:28.0992 8080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:17:28.0993 8080 DfsC - ok
21:17:29.0043 8080 dg_ssudbus (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
21:17:29.0062 8080 dg_ssudbus - ok
21:17:29.0103 8080 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:17:29.0106 8080 Dhcp - ok
21:17:29.0122 8080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:17:29.0124 8080 discache - ok
21:17:29.0164 8080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:17:29.0165 8080 Disk - ok
21:17:29.0196 8080 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:17:29.0202 8080 Dnscache - ok
21:17:29.0221 8080 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:17:29.0230 8080 dot3svc - ok
21:17:29.0251 8080 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:17:29.0253 8080 DPS - ok
21:17:29.0270 8080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:17:29.0296 8080 drmkaud - ok
21:17:29.0352 8080 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:17:29.0387 8080 dtsoftbus01 - ok
21:17:29.0431 8080 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:17:29.0455 8080 DXGKrnl - ok
21:17:29.0488 8080 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:17:29.0492 8080 EapHost - ok
21:17:29.0634 8080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:17:29.0673 8080 ebdrv - ok
21:17:29.0769 8080 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:17:29.0788 8080 eeCtrl - ok
21:17:29.0900 8080 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:17:29.0904 8080 EFS - ok
21:17:29.0979 8080 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:17:30.0005 8080 ehRecvr - ok
21:17:30.0029 8080 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:17:30.0046 8080 ehSched - ok
21:17:30.0130 8080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:17:30.0167 8080 elxstor - ok
21:17:30.0276 8080 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:17:30.0280 8080 EraserUtilRebootDrv - ok
21:17:30.0300 8080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:17:30.0331 8080 ErrDev - ok
21:17:30.0394 8080 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:17:30.0403 8080 EventSystem - ok
21:17:30.0512 8080 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:17:30.0525 8080 EvtEng - ok
21:17:30.0650 8080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:17:30.0679 8080 exfat - ok
21:17:30.0703 8080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:17:30.0708 8080 fastfat - ok
21:17:30.0775 8080 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:17:30.0789 8080 Fax - ok
21:17:30.0819 8080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:17:30.0838 8080 fdc - ok
21:17:30.0863 8080 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:17:30.0864 8080 fdPHost - ok
21:17:30.0874 8080 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:17:30.0876 8080 FDResPub - ok
21:17:30.0896 8080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:17:30.0899 8080 FileInfo - ok
21:17:30.0915 8080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:17:30.0926 8080 Filetrace - ok
21:17:30.0942 8080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:17:30.0952 8080 flpydisk - ok
21:17:30.0983 8080 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:17:30.0990 8080 FltMgr - ok
21:17:31.0050 8080 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:17:31.0065 8080 FontCache - ok
21:17:31.0150 8080 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:17:31.0153 8080 FontCache3.0.0.0 - ok
21:17:31.0191 8080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:17:31.0207 8080 FsDepends - ok
21:17:31.0246 8080 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:17:31.0281 8080 Fs_Rec - ok
21:17:31.0317 8080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:17:31.0318 8080 fvevol - ok
21:17:31.0355 8080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:17:31.0393 8080 gagp30kx - ok
21:17:31.0424 8080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:17:31.0457 8080 GEARAspiWDM - ok
21:17:31.0513 8080 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:17:31.0529 8080 gpsvc - ok
21:17:31.0631 8080 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:17:31.0634 8080 gupdate - ok
21:17:31.0665 8080 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:17:31.0668 8080 gupdatem - ok
21:17:31.0688 8080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:17:31.0703 8080 hcw85cir - ok
21:17:31.0742 8080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:17:31.0751 8080 HDAudBus - ok
21:17:31.0770 8080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:17:31.0779 8080 HidBatt - ok
21:17:31.0818 8080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:17:31.0848 8080 HidBth - ok
21:17:31.0871 8080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:17:31.0903 8080 HidIr - ok
21:17:31.0933 8080 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:17:31.0948 8080 hidserv - ok
21:17:31.0981 8080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:17:32.0000 8080 HidUsb - ok
21:17:32.0044 8080 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:17:32.0051 8080 hkmsvc - ok
21:17:32.0080 8080 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:17:32.0092 8080 HomeGroupListener - ok
21:17:32.0113 8080 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:17:32.0116 8080 HomeGroupProvider - ok
21:17:32.0145 8080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:17:32.0177 8080 HpSAMD - ok
21:17:32.0242 8080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:17:32.0256 8080 HTTP - ok
21:17:32.0271 8080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:17:32.0271 8080 hwpolicy - ok
21:17:32.0317 8080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:17:32.0332 8080 i8042prt - ok
21:17:32.0373 8080 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
21:17:32.0375 8080 iaStor - ok
21:17:32.0457 8080 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:17:32.0459 8080 IAStorDataMgrSvc - ok
21:17:32.0497 8080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:17:32.0540 8080 iaStorV - ok
21:17:32.0580 8080 iBtFltCoex (806422f30df9ce8307457485779c77b7) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
21:17:32.0619 8080 iBtFltCoex - ok
21:17:32.0716 8080 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:17:32.0745 8080 idsvc - ok
21:17:33.0171 8080 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:17:33.0381 8080 igfx - ok
21:17:33.0506 8080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:17:33.0531 8080 iirsp - ok
21:17:33.0593 8080 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:17:33.0611 8080 IKEEXT - ok
21:17:33.0639 8080 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
21:17:33.0652 8080 Impcd - ok
21:17:33.0674 8080 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
21:17:33.0686 8080 intaud_WaveExtensible - ok
21:17:33.0795 8080 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys
21:17:33.0857 8080 IntcAzAudAddService - ok
21:17:33.0995 8080 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:17:34.0036 8080 IntcDAud - ok
21:17:34.0057 8080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:17:34.0090 8080 intelide - ok
21:17:34.0115 8080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:17:34.0135 8080 intelppm - ok
21:17:34.0207 8080 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:17:34.0212 8080 IPBusEnum - ok
21:17:34.0253 8080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:17:34.0294 8080 IpFilterDriver - ok
21:17:34.0341 8080 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:17:34.0355 8080 iphlpsvc - ok
21:17:34.0379 8080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:17:34.0392 8080 IPMIDRV - ok
21:17:34.0413 8080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:17:34.0427 8080 IPNAT - ok
21:17:34.0540 8080 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:17:34.0549 8080 iPod Service - ok
21:17:34.0589 8080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:17:34.0623 8080 IRENUM - ok
21:17:34.0673 8080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:17:34.0699 8080 isapnp - ok
21:17:34.0720 8080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:17:34.0743 8080 iScsiPrt - ok
21:17:34.0769 8080 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
21:17:34.0781 8080 iwdbus - ok
21:17:34.0802 8080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:17:34.0814 8080 kbdclass - ok
21:17:34.0834 8080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:17:34.0844 8080 kbdhid - ok
21:17:34.0876 8080 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:17:34.0879 8080 KeyIso - ok
21:17:34.0898 8080 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:17:34.0902 8080 KSecDD - ok
21:17:34.0921 8080 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:17:34.0923 8080 KSecPkg - ok
21:17:34.0938 8080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:17:34.0966 8080 ksthunk - ok
21:17:35.0005 8080 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:17:35.0028 8080 KtmRm - ok
21:17:35.0053 8080 L1C (173666119d217e3739205c169e2bf0e5) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:17:35.0087 8080 L1C - ok
21:17:35.0118 8080 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:17:35.0126 8080 LanmanServer - ok
21:17:35.0161 8080 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:17:35.0167 8080 LanmanWorkstation - ok
21:17:35.0359 8080 LiveUpdate (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:17:35.0373 8080 LiveUpdate - ok
21:17:35.0506 8080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:17:35.0516 8080 lltdio - ok
21:17:35.0556 8080 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:17:35.0571 8080 lltdsvc - ok
21:17:35.0592 8080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:17:35.0593 8080 lmhosts - ok
21:17:35.0685 8080 LMS (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:17:35.0693 8080 LMS - ok
21:17:35.0750 8080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:17:35.0778 8080 LSI_FC - ok
21:17:35.0796 8080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:17:35.0807 8080 LSI_SAS - ok
21:17:35.0822 8080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:17:35.0838 8080 LSI_SAS2 - ok
21:17:35.0855 8080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:17:35.0866 8080 LSI_SCSI - ok
21:17:35.0903 8080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:17:35.0907 8080 luafv - ok
21:17:35.0943 8080 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:17:35.0949 8080 Mcx2Svc - ok
21:17:36.0037 8080 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:17:36.0044 8080 MDM - ok
21:17:36.0069 8080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:17:36.0092 8080 megasas - ok
21:17:36.0131 8080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:17:36.0167 8080 MegaSR - ok
21:17:36.0216 8080 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:17:36.0245 8080 MEIx64 - ok
21:17:36.0280 8080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:17:36.0281 8080 MMCSS - ok
21:17:36.0306 8080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:17:36.0318 8080 Modem - ok
21:17:36.0338 8080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:17:36.0347 8080 monitor - ok
21:17:36.0362 8080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:17:36.0374 8080 mouclass - ok
21:17:36.0418 8080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
21:17:36.0439 8080 mouhid - ok
21:17:36.0456 8080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:17:36.0457 8080 mountmgr - ok
21:17:36.0481 8080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:17:36.0489 8080 mpio - ok
21:17:36.0511 8080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:17:36.0524 8080 mpsdrv - ok
21:17:36.0563 8080 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:17:36.0571 8080 MpsSvc - ok
21:17:36.0588 8080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:17:36.0605 8080 MRxDAV - ok
21:17:36.0635 8080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:17:36.0638 8080 mrxsmb - ok
21:17:36.0659 8080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:17:36.0667 8080 mrxsmb10 - ok
21:17:36.0700 8080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:17:36.0702 8080 mrxsmb20 - ok
21:17:36.0722 8080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:17:36.0732 8080 msahci - ok
21:17:36.0753 8080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:17:36.0772 8080 msdsm - ok
21:17:36.0799 8080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:17:36.0835 8080 MSDTC - ok
21:17:36.0866 8080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:17:36.0867 8080 Msfs - ok
21:17:36.0886 8080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:17:36.0915 8080 mshidkmdf - ok
21:17:36.0930 8080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:17:36.0931 8080 msisadrv - ok
21:17:36.0968 8080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:17:36.0989 8080 MSiSCSI - ok
21:17:36.0995 8080 msiserver - ok
21:17:37.0023 8080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:17:37.0032 8080 MSKSSRV - ok
21:17:37.0045 8080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:17:37.0054 8080 MSPCLOCK - ok
21:17:37.0060 8080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:17:37.0061 8080 MSPQM - ok
21:17:37.0082 8080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:17:37.0086 8080 MsRPC - ok
21:17:37.0097 8080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:17:37.0128 8080 mssmbios - ok
21:17:37.0131 8080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:17:37.0140 8080 MSTEE - ok
21:17:37.0150 8080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:17:37.0159 8080 MTConfig - ok
21:17:37.0172 8080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:17:37.0173 8080 Mup - ok
21:17:37.0270 8080 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:17:37.0315 8080 MyWiFiDHCPDNS - ok
21:17:37.0355 8080 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:17:37.0360 8080 napagent - ok
21:17:37.0411 8080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:17:37.0435 8080 NativeWifiP - ok
21:17:37.0554 8080 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
21:17:37.0568 8080 NAUpdate - ok
21:17:37.0683 8080 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120206.002\ENG64.SYS
21:17:37.0688 8080 NAVENG - ok
21:17:37.0776 8080 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120206.002\EX64.SYS
21:17:37.0795 8080 NAVEX15 - ok
21:17:37.0947 8080 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
21:17:37.0954 8080 NDIS - ok
21:17:37.0999 8080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:17:38.0027 8080 NdisCap - ok
21:17:38.0042 8080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:17:38.0051 8080 NdisTapi - ok
21:17:38.0070 8080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:17:38.0079 8080 Ndisuio - ok
21:17:38.0092 8080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:17:38.0104 8080 NdisWan - ok
21:17:38.0124 8080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:17:38.0139 8080 NDProxy - ok
21:17:38.0152 8080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:17:38.0153 8080 NetBIOS - ok
21:17:38.0168 8080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:17:38.0170 8080 NetBT - ok
21:17:38.0199 8080 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:17:38.0201 8080 Netlogon - ok
21:17:38.0247 8080 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:17:38.0257 8080 Netman - ok
21:17:38.0378 8080 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:38.0398 8080 NetMsmqActivator - ok
21:17:38.0405 8080 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:38.0408 8080 NetPipeActivator - ok
21:17:38.0445 8080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:17:38.0457 8080 netprofm - ok
21:17:38.0465 8080 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:38.0468 8080 NetTcpActivator - ok
21:17:38.0476 8080 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:38.0477 8080 NetTcpPortSharing - ok
21:17:38.0824 8080 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\Windows\system32\DRIVERS\NETwNs64.sys
21:17:38.0923 8080 NETwNs64 - ok
21:17:39.0048 8080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:17:39.0060 8080 nfrd960 - ok
21:17:39.0102 8080 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:17:39.0106 8080 NlaSvc - ok
21:17:39.0314 8080 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:17:39.0338 8080 NOBU - ok
21:17:39.0434 8080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:17:39.0437 8080 Npfs - ok
21:17:39.0461 8080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:17:39.0463 8080 nsi - ok
21:17:39.0478 8080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:17:39.0478 8080 nsiproxy - ok
21:17:39.0567 8080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:17:39.0581 8080 Ntfs - ok
21:17:39.0613 8080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:17:39.0627 8080 Null - ok
21:17:39.0661 8080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:17:39.0679 8080 nvraid - ok
21:17:39.0695 8080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:17:39.0709 8080 nvstor - ok
21:17:39.0748 8080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:17:39.0777 8080 nv_agp - ok
21:17:39.0872 8080 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:39.0901 8080 odserv - ok
21:17:39.0916 8080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:17:39.0926 8080 ohci1394 - ok
21:17:39.0969 8080 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:40.0026 8080 ose - ok
21:17:40.0063 8080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:17:40.0088 8080 p2pimsvc - ok
21:17:40.0125 8080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:17:40.0154 8080 p2psvc - ok
21:17:40.0185 8080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:17:40.0219 8080 Parport - ok
21:17:40.0251 8080 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:17:40.0254 8080 partmgr - ok
21:17:40.0276 8080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:17:40.0280 8080 PcaSvc - ok
21:17:40.0307 8080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:17:40.0310 8080 pci - ok
21:17:40.0322 8080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:17:40.0338 8080 pciide - ok
21:17:40.0356 8080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:17:40.0373 8080 pcmcia - ok
21:17:40.0400 8080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:17:40.0403 8080 pcw - ok
21:17:40.0442 8080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:17:40.0471 8080 PEAUTH - ok
21:17:40.0541 8080 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:17:40.0561 8080 PeerDistSvc - ok
21:17:40.0618 8080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:17:40.0643 8080 PerfHost - ok
21:17:40.0775 8080 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:17:40.0811 8080 pla - ok
21:17:40.0855 8080 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:17:40.0867 8080 PlugPlay - ok
21:17:40.0883 8080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:17:40.0889 8080 PNRPAutoReg - ok
21:17:40.0907 8080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:17:40.0910 8080 PNRPsvc - ok
21:17:40.0957 8080 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:17:40.0967 8080 PolicyAgent - ok
21:17:40.0992 8080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:17:40.0995 8080 Power - ok
21:17:41.0040 8080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:17:41.0066 8080 PptpMiniport - ok
21:17:41.0091 8080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:17:41.0103 8080 Processor - ok
21:17:41.0139 8080 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:17:41.0142 8080 ProfSvc - ok
21:17:41.0170 8080 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:17:41.0172 8080 ProtectedStorage - ok
21:17:41.0211 8080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:17:41.0213 8080 Psched - ok
21:17:41.0226 8080 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:17:41.0227 8080 PxHlpa64 - ok
21:17:41.0294 8080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:17:41.0322 8080 ql2300 - ok
21:17:41.0436 8080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:17:41.0453 8080 ql40xx - ok
21:17:41.0481 8080 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:17:41.0491 8080 QWAVE - ok
21:17:41.0512 8080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:17:41.0512 8080 QWAVEdrv - ok
21:17:41.0525 8080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:17:41.0537 8080 RasAcd - ok
21:17:41.0559 8080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:17:41.0581 8080 RasAgileVpn - ok
21:17:41.0597 8080 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:17:41.0604 8080 RasAuto - ok
21:17:41.0620 8080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:17:41.0631 8080 Rasl2tp - ok
21:17:41.0663 8080 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:17:41.0667 8080 RasMan - ok
21:17:41.0685 8080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:17:41.0705 8080 RasPppoe - ok
21:17:41.0715 8080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:17:41.0725 8080 RasSstp - ok
21:17:41.0744 8080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:17:41.0748 8080 rdbss - ok
21:17:41.0770 8080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:17:41.0780 8080 rdpbus - ok
21:17:41.0813 8080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:17:41.0814 8080 RDPCDD - ok
21:17:41.0872 8080 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:17:41.0906 8080 RDPDR - ok
21:17:41.0925 8080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:17:41.0925 8080 RDPENCDD - ok
21:17:41.0943 8080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:17:41.0943 8080 RDPREFMP - ok
21:17:41.0978 8080 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:17:41.0996 8080 RDPWD - ok
21:17:42.0022 8080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:17:42.0024 8080 rdyboost - ok
21:17:42.0144 8080 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:17:42.0161 8080 RegSrvc - ok
21:17:42.0185 8080 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:17:42.0191 8080 RemoteAccess - ok
21:17:42.0216 8080 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:17:42.0225 8080 RemoteRegistry - ok
21:17:42.0281 8080 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:17:42.0313 8080 RFCOMM - ok
21:17:42.0433 8080 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:17:42.0460 8080 RoxMediaDB12OEM - ok
21:17:42.0485 8080 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:17:42.0496 8080 RoxWatch12 - ok
21:17:42.0595 8080 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:17:42.0600 8080 RpcEptMapper - ok
21:17:42.0628 8080 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:17:42.0639 8080 RpcLocator - ok
21:17:42.0659 8080 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:17:42.0663 8080 RpcSs - ok
21:17:42.0727 8080 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
21:17:42.0746 8080 RSPCIESTOR - ok
21:17:42.0773 8080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:17:42.0784 8080 rspndr - ok
21:17:42.0815 8080 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:17:42.0816 8080 SamSs - ok
21:17:42.0842 8080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:17:42.0864 8080 sbp2port - ok
21:17:42.0896 8080 SBRE - ok
21:17:42.0926 8080 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:17:42.0947 8080 SCardSvr - ok
21:17:42.0957 8080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:17:42.0969 8080 scfilter - ok
21:17:43.0002 8080 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:17:43.0013 8080 Schedule - ok
21:17:43.0041 8080 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:17:43.0042 8080 SCPolicySvc - ok
21:17:43.0061 8080 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:17:43.0064 8080 SDRSVC - ok
21:17:43.0119 8080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:17:43.0150 8080 secdrv - ok
21:17:43.0157 8080 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:17:43.0159 8080 seclogon - ok
21:17:43.0170 8080 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:17:43.0172 8080 SENS - ok
21:17:43.0190 8080 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:17:43.0196 8080 SensrSvc - ok
21:17:43.0220 8080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:17:43.0249 8080 Serenum - ok
21:17:43.0282 8080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:17:43.0313 8080 Serial - ok
21:17:43.0341 8080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:17:43.0350 8080 sermouse - ok
21:17:43.0383 8080 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:17:43.0391 8080 SessionEnv - ok
21:17:43.0404 8080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:17:43.0417 8080 sffdisk - ok
21:17:43.0428 8080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:17:43.0440 8080 sffp_mmc - ok
21:17:43.0452 8080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:17:43.0464 8080 sffp_sd - ok
21:17:43.0474 8080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:17:43.0486 8080 sfloppy - ok
21:17:43.0608 8080 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:17:43.0622 8080 SftService - ok
21:17:43.0736 8080 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:17:43.0743 8080 SharedAccess - ok
21:17:43.0787 8080 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:17:43.0798 8080 ShellHWDetection - ok
21:17:43.0857 8080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:17:43.0881 8080 SiSRaid2 - ok
21:17:43.0900 8080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:17:43.0914 8080 SiSRaid4 - ok
21:17:44.0010 8080 SlingAgentService (e15176399af40b56ac09a823708b85d7) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
21:17:44.0013 8080 SlingAgentService - ok
21:17:44.0054 8080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:17:44.0086 8080 Smb - ok
21:17:44.0274 8080 SmcService (4b1dafe4100555239354950ac537c98c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
21:17:44.0299 8080 SmcService - ok
21:17:44.0332 8080 SNAC (f2544bf1302ebfefd006e32ac55703f4) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
21:17:44.0358 8080 SNAC - ok
21:17:44.0451 8080 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:17:44.0457 8080 SNMPTRAP - ok
21:17:44.0497 8080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:17:44.0500 8080 spldr - ok
21:17:44.0531 8080 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:17:44.0539 8080 Spooler - ok
21:17:44.0711 8080 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:17:44.0860 8080 sppsvc - ok
21:17:44.0894 8080 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:17:44.0904 8080 sppuinotify - ok
21:17:44.0961 8080 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
21:17:44.0965 8080 SRTSP - ok
21:17:45.0006 8080 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
21:17:45.0049 8080 SRTSPL - ok
21:17:45.0066 8080 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
21:17:45.0077 8080 SRTSPX - ok
21:17:45.0110 8080 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:17:45.0122 8080 srv - ok
21:17:45.0152 8080 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:17:45.0156 8080 srv2 - ok
21:17:45.0176 8080 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:17:45.0178 8080 srvnet - ok
21:17:45.0216 8080 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:17:45.0220 8080 SSDPSRV - ok
21:17:45.0233 8080 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:17:45.0237 8080 SstpSvc - ok
21:17:45.0280 8080 ssudmdm (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys
21:17:45.0312 8080 ssudmdm - ok
21:17:45.0349 8080 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
21:17:45.0351 8080 stdcfltn - ok
21:17:45.0372 8080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:17:45.0405 8080 stexstor - ok
21:17:45.0467 8080 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:17:45.0482 8080 stisvc - ok
21:17:45.0548 8080 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:17:45.0623 8080 stllssvr - ok
21:17:45.0642 8080 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
21:17:45.0653 8080 StorSvc - ok
21:17:45.0662 8080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:17:45.0671 8080 swenum - ok
21:17:45.0727 8080 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:17:45.0740 8080 swprv - ok
21:17:45.0880 8080 Symantec AntiVirus (b9b3b38a852f13d6f61acb3994872eda) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
21:17:45.0889 8080 Symantec AntiVirus - ok
21:17:46.0016 8080 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:17:46.0037 8080 SymEvent - ok
21:17:46.0107 8080 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
21:17:46.0140 8080 SynTP - ok
21:17:46.0246 8080 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:17:46.0261 8080 SysMain - ok
21:17:46.0300 8080 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:17:46.0314 8080 TabletInputService - ok
21:17:46.0340 8080 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:17:46.0344 8080 TapiSrv - ok
21:17:46.0358 8080 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:17:46.0364 8080 TBS - ok
21:17:46.0505 8080 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:17:46.0536 8080 Tcpip - ok
21:17:46.0638 8080 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:17:46.0661 8080 TCPIP6 - ok
21:17:46.0713 8080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:17:46.0730 8080 tcpipreg - ok
21:17:46.0746 8080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:17:46.0759 8080 TDPIPE - ok
21:17:46.0782 8080 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:17:46.0813 8080 TDTCP - ok
21:17:46.0846 8080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:17:46.0877 8080 tdx - ok
21:17:46.0910 8080 Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys
21:17:46.0913 8080 Teefer2 - ok
21:17:46.0932 8080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:17:46.0939 8080 TermDD - ok
21:17:46.0991 8080 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:17:47.0009 8080 TermService - ok
21:17:47.0023 8080 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:17:47.0025 8080 Themes - ok
21:17:47.0044 8080 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:17:47.0045 8080 THREADORDER - ok
21:17:47.0077 8080 tihub3 (68fe3d89829e27d4fd5eea7bd2c41985) C:\Windows\system32\DRIVERS\tihub3.sys
21:17:47.0113 8080 tihub3 - ok
21:17:47.0134 8080 tixhci (0102c9633ce1f18a6ac021f28b734db5) C:\Windows\system32\DRIVERS\tixhci.sys
21:17:47.0150 8080 tixhci - ok
21:17:47.0179 8080 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:17:47.0187 8080 TrkWks - ok
21:17:47.0234 8080 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:17:47.0239 8080 TrustedInstaller - ok
21:17:47.0274 8080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:17:47.0300 8080 tssecsrv - ok
21:17:47.0333 8080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:17:47.0358 8080 TsUsbFlt - ok
21:17:47.0387 8080 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:17:47.0416 8080 TsUsbGD - ok
21:17:47.0450 8080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:17:47.0479 8080 tunnel - ok
21:17:47.0509 8080 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
21:17:47.0536 8080 TurboB - ok
21:17:47.0606 8080 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:17:47.0663 8080 TurboBoost - ok
21:17:47.0776 8080 TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe
21:17:47.0792 8080 TVersityMediaServer - ok
21:17:47.0916 8080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:17:47.0957 8080 uagp35 - ok
21:17:47.0985 8080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:17:48.0021 8080 udfs - ok
21:17:48.0043 8080 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:17:48.0049 8080 UI0Detect - ok
21:17:48.0065 8080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:17:48.0078 8080 uliagpkx - ok
21:17:48.0092 8080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:17:48.0102 8080 umbus - ok
21:17:48.0120 8080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:17:48.0130 8080 UmPass - ok
21:17:48.0177 8080 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:17:48.0197 8080 UmRdpService - ok
21:17:48.0376 8080 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:17:48.0397 8080 UNS - ok
21:17:48.0492 8080 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:17:48.0498 8080 upnphost - ok
21:17:48.0555 8080 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:17:48.0558 8080 USBAAPL64 - ok
21:17:48.0592 8080 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
21:17:48.0622 8080 usbccgp - ok
21:17:48.0651 8080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:17:48.0667 8080 usbcir - ok
21:17:48.0681 8080 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:17:48.0692 8080 usbehci - ok
21:17:48.0746 8080 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
21:17:48.0771 8080 usbhub - ok
21:17:48.0785 8080 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:17:48.0797 8080 usbohci - ok
21:17:48.0830 8080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:17:48.0858 8080 usbprint - ok
21:17:48.0895 8080 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:17:48.0921 8080 usbscan - ok
21:17:48.0936 8080 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:17:48.0952 8080 USBSTOR - ok
21:17:48.0980 8080 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:17:48.0992 8080 usbuhci - ok
21:17:49.0021 8080 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:17:49.0034 8080 usbvideo - ok
21:17:49.0050 8080 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:17:49.0051 8080 UxSms - ok
21:17:49.0094 8080 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:17:49.0096 8080 VaultSvc - ok
21:17:49.0106 8080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:17:49.0108 8080 vdrvroot - ok
21:17:49.0133 8080 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:17:49.0146 8080 vds - ok
21:17:49.0187 8080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:17:49.0218 8080 vga - ok
21:17:49.0235 8080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:17:49.0247 8080 VgaSave - ok
21:17:49.0270 8080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:17:49.0287 8080 vhdmp - ok
21:17:49.0302 8080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:17:49.0314 8080 viaide - ok
21:17:49.0342 8080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:17:49.0344 8080 volmgr - ok
21:17:49.0365 8080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:17:49.0369 8080 volmgrx - ok
21:17:49.0391 8080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:17:49.0396 8080 volsnap - ok
21:17:49.0434 8080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:17:49.0467 8080 vsmraid - ok
21:17:49.0541 8080 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:17:49.0563 8080 VSS - ok
21:17:49.0673 8080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:17:49.0697 8080 vwifibus - ok
21:17:49.0719 8080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:17:49.0725 8080 vwififlt - ok
21:17:49.0751 8080 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:17:49.0762 8080 vwifimp - ok
21:17:49.0809 8080 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:17:49.0813 8080 W32Time - ok
21:17:49.0843 8080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:17:49.0925 8080 WacomPen - ok
21:17:49.0953 8080 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:50.0029 8080 WANARP - ok
21:17:50.0031 8080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:50.0032 8080 Wanarpv6 - ok
21:17:50.0118 8080 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:17:50.0136 8080 WatAdminSvc - ok
21:17:50.0207 8080 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:17:50.0239 8080 wbengine - ok
21:17:50.0328 8080 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:17:50.0353 8080 WbioSrvc - ok
21:17:50.0379 8080 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:17:50.0391 8080 wcncsvc - ok
21:17:50.0409 8080 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:17:50.0418 8080 WcsPlugInService - ok
21:17:50.0462 8080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:17:50.0480 8080 Wd - ok
21:17:50.0531 8080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:17:50.0545 8080 Wdf01000 - ok
21:17:50.0566 8080 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:17:50.0570 8080 WdiServiceHost - ok
21:17:50.0574 8080 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:17:50.0577 8080 WdiSystemHost - ok
21:17:50.0595 8080 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:17:50.0606 8080 WebClient - ok
21:17:50.0624 8080 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:17:50.0634 8080 Wecsvc - ok
21:17:50.0646 8080 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:17:50.0649 8080 wercplsupport - ok
21:17:50.0674 8080 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:17:50.0676 8080 WerSvc - ok
21:17:50.0710 8080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:17:50.0743 8080 WfpLwf - ok
21:17:50.0770 8080 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:17:50.0800 8080 WimFltr - ok
21:17:50.0822 8080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:17:50.0834 8080 WIMMount - ok
21:17:50.0865 8080 WinDefend - ok
21:17:50.0872 8080 WinHttpAutoProxySvc - ok
21:17:50.0913 8080 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:17:50.0915 8080 Winmgmt - ok
21:17:51.0016 8080 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:17:51.0041 8080 WinRM - ok
21:17:51.0158 8080 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:17:51.0160 8080 WinUsb - ok
21:17:51.0210 8080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:17:51.0219 8080 Wlansvc - ok
21:17:51.0289 8080 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:17:51.0324 8080 wlcrasvc - ok
21:17:51.0464 8080 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:17:51.0483 8080 wlidsvc - ok
21:17:51.0595 8080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:17:51.0628 8080 WmiAcpi - ok
21:17:51.0687 8080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:17:51.0739 8080 wmiApSrv - ok
21:17:51.0795 8080 WMPNetworkSvc - ok
21:17:51.0832 8080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:17:51.0850 8080 WPCSvc - ok
21:17:51.0868 8080 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:17:51.0913 8080 WPDBusEnum - ok
21:17:51.0939 8080 WPS (c69b8fbd21a386446cb795fb295e95d7) C:\Windows\system32\drivers\wpsdrvnt.sys
21:17:51.0940 8080 WPS - ok
21:17:51.0977 8080 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
21:17:51.0980 8080 WpsHelper - ok
21:17:51.0995 8080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:51.0996 8080 ws2ifsl - ok
21:17:52.0016 8080 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:17:52.0022 8080 wscsvc - ok
21:17:52.0048 8080 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:17:52.0058 8080 WSDPrintDevice - ok
21:17:52.0087 8080 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
21:17:52.0106 8080 WSDScan - ok
21:17:52.0114 8080 WSearch - ok
21:17:52.0246 8080 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:17:52.0266 8080 wuauserv - ok
21:17:52.0384 8080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:17:52.0419 8080 WudfPf - ok
21:17:52.0452 8080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:52.0454 8080 WUDFRd - ok
21:17:52.0487 8080 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:17:52.0496 8080 wudfsvc - ok
21:17:52.0516 8080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:17:52.0526 8080 WwanSvc - ok
21:17:52.0550 8080 ZTEusbmdm6k - ok
21:17:52.0562 8080 ZTEusbnmea - ok
21:17:52.0576 8080 ZTEusbser6k - ok
21:17:52.0608 8080 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:17:52.0787 8080 \Device\Harddisk0\DR0 - ok
21:17:52.0789 8080 Boot (0x1200) (aa741633cfe53f154b34c9425c03cd76) \Device\Harddisk0\DR0\Partition0
21:17:52.0790 8080 \Device\Harddisk0\DR0\Partition0 - ok
21:17:52.0800 8080 Boot (0x1200) (0a6e672b3a45d97a6100db9dfb872d51) \Device\Harddisk0\DR0\Partition1
21:17:52.0801 8080 \Device\Harddisk0\DR0\Partition1 - ok
21:17:52.0801 8080 ============================================================
21:17:52.0801 8080 Scan finished
21:17:52.0801 8080 ============================================================
21:17:52.0808 7768 Detected object count: 0
21:17:52.0808 7768 Actual detected object count: 0

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 05 July 2012 - 09:14 PM

Greetings


Very good - now let me have the aswMBR report when complete
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ParkGord

ParkGord
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 05 July 2012 - 09:22 PM

And here is the Avast aswMBR log. Thanks again.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 21:21:36
-----------------------------
21:21:36.736 OS Version: Windows x64 6.1.7601 Service Pack 1
21:21:36.737 Number of processors: 4 586 0x2A07
21:21:36.737 ComputerName: PGORDON-PC UserName: PGordon
21:21:37.839 Initialize success
21:22:14.359 AVAST engine defs: 12070501
21:22:36.907 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:22:36.912 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 476940MB BusType: 3
21:22:36.926 Disk 0 MBR read successfully
21:22:36.928 Disk 0 MBR scan
21:22:36.932 Disk 0 Windows VISTA default MBR code
21:22:36.934 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:22:36.938 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13568 MB offset 81920
21:22:36.954 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463328 MB offset 27869184
21:22:37.014 Disk 0 scanning C:\Windows\system32\drivers
21:22:51.325 Service scanning
21:23:21.932 Modules scanning
21:23:21.950 Disk 0 trace - called modules:
21:23:21.976 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
21:23:22.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800814d060]
21:23:22.329 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007fc4a50]
21:23:22.336 5 stdcfltn.sys[fffff88001b83c52] -> nt!IofCallDriver -> [0xfffffa8006288630]
21:23:22.340 7 ACPI.sys[fffff88000f1a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062aa050]
21:23:23.316 AVAST engine scan C:\Windows
21:23:40.263 AVAST engine scan C:\Windows\system32
21:28:53.994 AVAST engine scan C:\Windows\system32\drivers
21:29:21.183 AVAST engine scan C:\Users\pgordon
21:34:22.044 AVAST engine scan C:\ProgramData
21:36:25.274 Scan finished successfully
22:20:08.653 Disk 0 MBR has been saved successfully to "C:\Users\pgordon\Desktop\MBR.dat"
22:20:08.659 The log file has been saved successfully to "C:\Users\pgordon\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 05 July 2012 - 09:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Yontoo
c:\programdata\Tarma Installer

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 07 July 2012 - 11:32 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users