Jump to content

ellhorn

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.14.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Malicsi :: MALICSI-HP [administrator] Protection: Enabled 7/14/2012 1:15:56 PM mbam-log-2012-07-14 (13-15-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219374 Time elapsed: 2 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) It's running perfectly! Thank you so much for the help!
  2. ComboFix 12-07-14.01 - Malicsi 07/14/2012 11:54:41.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3746 [GMT -7:00] Running from: c:\users\Malicsi\Desktop\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Incredibar.com c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\programdata\Roaming c:\windows\svchost.exe c:\windows\SysWow64\C__Windows_system32_config_systemprofile_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_LFZ6Y0HK_CACAZOV4.HTM . . ((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 ))))))))))))))))))))))))))))))) . . 2012-07-14 19:48 . 2012-07-14 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-14 17:20 . 2012-07-14 17:27 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-13 10:41 . 2012-07-13 10:41 388096 ----a-r- c:\users\Malicsi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-13 10:41 . 2012-07-13 10:41 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- c:\users\Malicsi\AppData\Roaming\Malwarebytes 2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- c:\programdata\Malwarebytes 2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-12 17:03 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-12 09:12 . 2012-07-12 09:12 -------- d-----w- c:\program files (x86)\AVG 2012-07-12 09:08 . 2012-07-13 10:50 -------- d-----w- c:\programdata\MFAData 2012-07-12 09:08 . 2012-07-12 09:08 -------- d--h--w- c:\programdata\Common Files 2012-07-11 10:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 10:00 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-07-11 09:44 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 09:44 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 09:44 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 09:44 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 09:44 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-11 09:44 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-11 09:43 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 09:43 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 09:43 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 09:43 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 09:43 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 09:43 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-11 09:43 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-11 09:43 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-11 09:43 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-07-02 09:31 . 2012-07-02 09:31 -------- d-----w- c:\users\Malicsi\AppData\Roaming\WinZip 2012-07-02 09:31 . 2012-07-02 09:31 -------- d-----w- c:\program files (x86)\WinZip Driver Updater 2012-06-26 08:04 . 2012-07-02 09:31 -------- d-----w- c:\program files (x86)\uTorrentControl2 2012-06-21 06:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 06:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 06:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 06:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 06:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 06:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 06:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 06:03 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 06:03 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-20 00:35 . 2012-06-20 00:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-06-16 01:48 . 2012-06-16 01:49 -------- d-----w- c:\program files\iTunes 2012-06-16 01:48 . 2012-06-16 01:49 -------- d-----w- c:\program files (x86)\iTunes 2012-06-16 01:48 . 2012-06-16 01:48 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 09:06 . 2012-04-05 06:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 09:06 . 2012-01-30 19:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-31 04:04 . 2012-07-14 07:56 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A98E79-41AC-461E-B480-4D270CE2AF33}\mpengine.dll 2012-05-01 05:40 . 2012-06-14 07:12 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 07:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 07:12 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 07:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 07:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 07:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 07:11 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 07:11 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 07:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 07:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 07:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-1-31 45056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-01-21 1157240] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [2011-01-27 171128] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-13 9259520] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-13 301568] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 138360] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [2011-03-15 912504] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120214.003\IDSvia64.sys [2012-01-29 488568] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [2011-04-21 386168] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-31 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-13 203776] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-31 2413056] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-31 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:06] . 2012-07-12 c:\windows\Tasks\HPCeeScheduleForMalicsi.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-16 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-16 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-16 416024] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-31 1128448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8ubcdc2o&i=26 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - facebook.com FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5afa7270-21bd-453f-a893-c5235a78bcb6%7D&mid=75c3ace8c20347d0be18c15632fd24bf-2e9e459ab3d14f309204e6e90950dbe54f11dadf&ds=AVG&v=11.1.0.12〈=en&pr=fr&d=2012-07-12%2002%3A16%3A04&sap=ku&q= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ubcdc2o&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - aa4bd85b000000000000ac8112a63e5b FF - user.js: extensions.incredibar_i.instlDay - 15487 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.145:45 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8ubcdc2o FF - user.js: extensions.incredibar_i.upn2n - 92824432055419708 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10659 FF - user.js: extensions.incredibar_i.ppd - 105%5F5 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70 "{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66, 6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17 "{F9639E4A-801B-4843-AEE3-03D9DA199E77}"=hex:51,66,7a,6c,4c,1d,38,12,24,9d,70, fd,29,ce,2d,0d,d1,f5,40,99,df,47,da,63 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}"=hex:51,66,7a,6c,4c,1d,38,12,8f,de,00, 6a,5c,65,a0,03,f4,70,9f,cb,f6,31,2f,8d "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:83,27,bb,ec,1e,4d,cd,01 . [HKEY_USERS\S-1-5-21-282408895-3333434447-599352310-1001\Software\SecuROM\License information*] "datasecu"=hex:2a,ba,fa,b3,48,96,5b,6c,ea,b3,e2,6b,a0,8b,f8,d4,e0,55,4c,76,e9, f0,e0,11,f1,50,53,e4,29,59,2c,8e,99,e0,1c,35,3d,b4,fc,06,fb,d1,3b,4f,19,6d,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Internet Explorer\IELowutil.exe . ************************************************************************** . Completion time: 2012-07-14 12:56:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-14 19:56 . Pre-Run: 306,534,154,240 bytes free Post-Run: 313,251,217,408 bytes free . - - End Of File - - 142362316A32208C6F3AF2B63EA4C14B
  3. 10:24:19.0821 5716 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 10:24:20.0229 5716 ============================================================ 10:24:20.0229 5716 Current date / time: 2012/07/14 10:24:20.0229 10:24:20.0229 5716 SystemInfo: 10:24:20.0229 5716 10:24:20.0230 5716 OS Version: 6.1.7601 ServicePack: 1.0 10:24:20.0230 5716 Product type: Workstation 10:24:20.0230 5716 ComputerName: MALICSI-HP 10:24:20.0230 5716 UserName: Malicsi 10:24:20.0230 5716 Windows directory: C:\Windows 10:24:20.0230 5716 System windows directory: C:\Windows 10:24:20.0230 5716 Running under WOW64 10:24:20.0230 5716 Processor architecture: Intel x64 10:24:20.0230 5716 Number of processors: 4 10:24:20.0230 5716 Page size: 0x1000 10:24:20.0230 5716 Boot type: Normal boot 10:24:20.0230 5716 ============================================================ 10:24:24.0611 5716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:24:24.0624 5716 ============================================================ 10:24:24.0624 5716 \Device\Harddisk0\DR0: 10:24:24.0624 5716 MBR partitions: 10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000 10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x3864B000 10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x386AF800, BlocksNum 0x1CA2000 10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x3A351800, BlocksNum 0x34030 10:24:24.0624 5716 ============================================================ 10:24:24.0651 5716 C: <-> \Device\Harddisk0\DR0\Partition1 10:24:24.0695 5716 D: <-> \Device\Harddisk0\DR0\Partition2 10:24:24.0706 5716 F: <-> \Device\Harddisk0\DR0\Partition3 10:24:24.0706 5716 ============================================================ 10:24:24.0706 5716 Initialize success 10:24:24.0706 5716 ============================================================ 10:24:47.0303 2464 ============================================================ 10:24:47.0303 2464 Scan started 10:24:47.0303 2464 Mode: Manual; SigCheck; TDLFS; 10:24:47.0303 2464 ============================================================ 10:24:49.0678 2464 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 10:24:49.0965 2464 1394ohci - ok 10:24:50.0321 2464 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys 10:24:50.0397 2464 Accelerometer - ok 10:24:50.0477 2464 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:24:50.0515 2464 ACPI - ok 10:24:51.0554 2464 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:24:51.0654 2464 AcpiPmi - ok 10:24:51.0820 2464 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:24:51.0842 2464 AdobeARMservice - ok 10:24:51.0995 2464 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:24:52.0030 2464 AdobeFlashPlayerUpdateSvc - ok 10:24:52.0098 2464 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 10:24:52.0143 2464 adp94xx - ok 10:24:52.0199 2464 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 10:24:52.0228 2464 adpahci - ok 10:24:52.0246 2464 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 10:24:52.0271 2464 adpu320 - ok 10:24:52.0372 2464 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:24:52.0838 2464 AeLookupSvc - ok 10:24:52.0960 2464 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 10:24:53.0056 2464 AESTFilters - ok 10:24:53.0191 2464 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:24:53.0295 2464 AFD - ok 10:24:53.0333 2464 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:24:53.0358 2464 agp440 - ok 10:24:53.0405 2464 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:24:53.0466 2464 ALG - ok 10:24:53.0529 2464 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:24:53.0553 2464 aliide - ok 10:24:53.0604 2464 ALSysIO - ok 10:24:53.0691 2464 AMD External Events Utility (951f9713ebb69866ea24e4e53d270a02) C:\Windows\system32\atiesrxx.exe 10:24:53.0761 2464 AMD External Events Utility - ok 10:24:53.0814 2464 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:24:53.0836 2464 amdide - ok 10:24:53.0859 2464 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 10:24:53.0963 2464 AmdK8 - ok 10:24:54.0922 2464 amdkmdag (c4a36b9afb5c993c0a750589bbeac845) C:\Windows\system32\DRIVERS\atikmdag.sys 10:24:55.0384 2464 amdkmdag - ok 10:24:55.0590 2464 amdkmdap (ee789ea97d06bec75fcd5e69bb69a93b) C:\Windows\system32\DRIVERS\atikmpag.sys 10:24:55.0649 2464 amdkmdap - ok 10:24:55.0685 2464 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 10:24:55.0796 2464 AmdPPM - ok 10:24:55.0836 2464 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 10:24:55.0868 2464 amdsata - ok 10:24:55.0893 2464 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 10:24:55.0932 2464 amdsbs - ok 10:24:55.0965 2464 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 10:24:55.0994 2464 amdxata - ok 10:24:56.0043 2464 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:24:56.0231 2464 AppID - ok 10:24:56.0270 2464 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:24:56.0358 2464 AppIDSvc - ok 10:24:56.0376 2464 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:24:56.0505 2464 Appinfo - ok 10:24:56.0655 2464 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:24:56.0685 2464 Apple Mobile Device - ok 10:24:56.0721 2464 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 10:24:56.0750 2464 arc - ok 10:24:56.0773 2464 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 10:24:56.0807 2464 arcsas - ok 10:24:56.0831 2464 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:24:56.0969 2464 AsyncMac - ok 10:24:57.0022 2464 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:24:57.0052 2464 atapi - ok 10:24:57.0168 2464 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:24:57.0309 2464 AudioEndpointBuilder - ok 10:24:57.0327 2464 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:24:57.0469 2464 AudioSrv - ok 10:24:57.0532 2464 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:24:57.0632 2464 AxInstSV - ok 10:24:57.0710 2464 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 10:24:57.0772 2464 b06bdrv - ok 10:24:57.0816 2464 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:24:57.0881 2464 b57nd60a - ok 10:24:58.0019 2464 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 10:24:58.0069 2464 BBSvc - ok 10:24:58.0457 2464 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys 10:24:58.0588 2464 BCM43XX - ok 10:24:58.0718 2464 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:24:58.0757 2464 BDESVC - ok 10:24:58.0935 2464 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:24:59.0056 2464 Beep - ok 10:24:59.0176 2464 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 10:24:59.0344 2464 BFE - ok 10:24:59.0617 2464 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys 10:24:59.0670 2464 BHDrvx64 - ok 10:24:59.0800 2464 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 10:24:59.0944 2464 BITS - ok 10:24:59.0985 2464 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 10:25:00.0008 2464 blbdrive - ok 10:25:00.0292 2464 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 10:25:00.0317 2464 Bonjour Service - ok 10:25:00.0402 2464 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:25:00.0493 2464 bowser - ok 10:25:00.0534 2464 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 10:25:00.0590 2464 BrFiltLo - ok 10:25:00.0597 2464 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 10:25:00.0630 2464 BrFiltUp - ok 10:25:00.0673 2464 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:25:00.0826 2464 Browser - ok 10:25:00.0876 2464 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:25:00.0955 2464 Brserid - ok 10:25:00.0964 2464 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:25:01.0011 2464 BrSerWdm - ok 10:25:01.0044 2464 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:25:01.0102 2464 BrUsbMdm - ok 10:25:01.0128 2464 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:25:01.0181 2464 BrUsbSer - ok 10:25:01.0207 2464 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 10:25:01.0249 2464 BTHMODEM - ok 10:25:01.0337 2464 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:25:01.0449 2464 bthserv - ok 10:25:01.0559 2464 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:25:01.0738 2464 cdfs - ok 10:25:01.0778 2464 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 10:25:01.0868 2464 cdrom - ok 10:25:01.0948 2464 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:25:02.0079 2464 CertPropSvc - ok 10:25:02.0154 2464 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 10:25:02.0213 2464 circlass - ok 10:25:02.0277 2464 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:25:02.0342 2464 CLFS - ok 10:25:02.0555 2464 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:25:02.0584 2464 clr_optimization_v2.0.50727_32 - ok 10:25:02.0790 2464 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:25:02.0822 2464 clr_optimization_v2.0.50727_64 - ok 10:25:02.0889 2464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:25:02.0978 2464 clr_optimization_v4.0.30319_32 - ok 10:25:03.0027 2464 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:25:03.0052 2464 clr_optimization_v4.0.30319_64 - ok 10:25:03.0186 2464 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys 10:25:03.0215 2464 clwvd - ok 10:25:03.0233 2464 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 10:25:03.0287 2464 CmBatt - ok 10:25:03.0323 2464 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:25:03.0353 2464 cmdide - ok 10:25:03.0405 2464 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 10:25:03.0473 2464 CNG - ok 10:25:03.0498 2464 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 10:25:03.0520 2464 Compbatt - ok 10:25:03.0547 2464 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 10:25:03.0586 2464 CompositeBus - ok 10:25:03.0598 2464 COMSysApp - ok 10:25:03.0618 2464 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 10:25:03.0641 2464 crcdisk - ok 10:25:03.0692 2464 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 10:25:03.0752 2464 CryptSvc - ok 10:25:03.0809 2464 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:25:03.0923 2464 DcomLaunch - ok 10:25:04.0022 2464 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:25:04.0147 2464 defragsvc - ok 10:25:04.0205 2464 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:25:04.0311 2464 DfsC - ok 10:25:04.0370 2464 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:25:04.0511 2464 Dhcp - ok 10:25:04.0529 2464 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:25:04.0637 2464 discache - ok 10:25:04.0824 2464 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 10:25:04.0848 2464 Disk - ok 10:25:04.0895 2464 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:25:04.0954 2464 Dnscache - ok 10:25:05.0003 2464 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:25:05.0107 2464 dot3svc - ok 10:25:05.0223 2464 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:25:05.0328 2464 DPS - ok 10:25:05.0365 2464 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:25:05.0421 2464 drmkaud - ok 10:25:05.0500 2464 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:25:05.0562 2464 DXGKrnl - ok 10:25:05.0607 2464 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:25:05.0724 2464 EapHost - ok 10:25:06.0223 2464 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 10:25:06.0395 2464 ebdrv - ok 10:25:06.0585 2464 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 10:25:06.0620 2464 eeCtrl - ok 10:25:06.0784 2464 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:25:06.0841 2464 EFS - ok 10:25:06.0982 2464 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:25:07.0051 2464 ehRecvr - ok 10:25:07.0077 2464 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:25:07.0116 2464 ehSched - ok 10:25:07.0254 2464 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 10:25:07.0292 2464 elxstor - ok 10:25:07.0401 2464 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 10:25:07.0425 2464 EraserUtilRebootDrv - ok 10:25:07.0433 2464 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:25:07.0477 2464 ErrDev - ok 10:25:07.0560 2464 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:25:07.0686 2464 EventSystem - ok 10:25:07.0924 2464 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 10:25:08.0025 2464 EvtEng - ok 10:25:08.0137 2464 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:25:08.0231 2464 exfat - ok 10:25:08.0266 2464 ezSharedSvc - ok 10:25:08.0296 2464 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:25:08.0411 2464 fastfat - ok 10:25:08.0477 2464 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:25:08.0533 2464 Fax - ok 10:25:08.0571 2464 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 10:25:08.0596 2464 fdc - ok 10:25:08.0622 2464 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:25:08.0736 2464 fdPHost - ok 10:25:08.0765 2464 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:25:08.0863 2464 FDResPub - ok 10:25:08.0883 2464 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:25:08.0912 2464 FileInfo - ok 10:25:08.0941 2464 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:25:09.0055 2464 Filetrace - ok 10:25:09.0081 2464 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 10:25:09.0109 2464 flpydisk - ok 10:25:09.0153 2464 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:25:09.0190 2464 FltMgr - ok 10:25:09.0289 2464 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:25:09.0369 2464 FontCache - ok 10:25:09.0421 2464 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:25:09.0438 2464 FontCache3.0.0.0 - ok 10:25:09.0582 2464 FPLService (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 10:25:09.0613 2464 FPLService - ok 10:25:09.0692 2464 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:25:09.0714 2464 FsDepends - ok 10:25:09.0744 2464 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 10:25:09.0764 2464 Fs_Rec - ok 10:25:09.0799 2464 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:25:09.0834 2464 fvevol - ok 10:25:09.0866 2464 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 10:25:09.0891 2464 gagp30kx - ok 10:25:09.0967 2464 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 10:25:09.0984 2464 GamesAppService - ok 10:25:10.0076 2464 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:25:10.0087 2464 GEARAspiWDM - ok 10:25:10.0171 2464 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:25:10.0292 2464 gpsvc - ok 10:25:10.0349 2464 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:25:10.0410 2464 hcw85cir - ok 10:25:10.0497 2464 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 10:25:10.0560 2464 HdAudAddService - ok 10:25:10.0588 2464 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 10:25:10.0645 2464 HDAudBus - ok 10:25:10.0734 2464 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 10:25:10.0784 2464 HidBatt - ok 10:25:10.0796 2464 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 10:25:10.0872 2464 HidBth - ok 10:25:11.0099 2464 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 10:25:11.0141 2464 HidIr - ok 10:25:11.0393 2464 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 10:25:11.0501 2464 hidserv - ok 10:25:11.0566 2464 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 10:25:11.0596 2464 HidUsb - ok 10:25:11.0760 2464 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:25:11.0891 2464 hkmsvc - ok 10:25:12.0463 2464 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:25:12.0513 2464 HomeGroupListener - ok 10:25:12.0556 2464 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:25:12.0611 2464 HomeGroupProvider - ok 10:25:12.0707 2464 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 10:25:12.0726 2464 HP Support Assistant Service - ok 10:25:12.0796 2464 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 10:25:12.0826 2464 HPClientSvc - ok 10:25:12.0938 2464 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 10:25:13.0007 2464 hpCMSrv - ok 10:25:13.0092 2464 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 10:25:13.0117 2464 HPDrvMntSvc.exe - ok 10:25:13.0221 2464 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys 10:25:13.0242 2464 hpdskflt - ok 10:25:13.0353 2464 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 10:25:13.0408 2464 hpqwmiex - ok 10:25:13.0453 2464 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:25:13.0481 2464 HpSAMD - ok 10:25:13.0510 2464 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe 10:25:13.0534 2464 hpsrv - ok 10:25:13.0606 2464 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 10:25:13.0625 2464 HPWMISVC - ok 10:25:13.0697 2464 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:25:13.0846 2464 HTTP - ok 10:25:13.0883 2464 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:25:13.0906 2464 hwpolicy - ok 10:25:13.0938 2464 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 10:25:13.0971 2464 i8042prt - ok 10:25:14.0050 2464 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys 10:25:14.0089 2464 iaStor - ok 10:25:14.0181 2464 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 10:25:14.0198 2464 IAStorDataMgrSvc - ok 10:25:14.0309 2464 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:25:14.0353 2464 iaStorV - ok 10:25:14.0529 2464 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 10:25:14.0636 2464 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 10:25:14.0636 2464 IconMan_R - detected UnsignedFile.Multi.Generic (1) 10:25:14.0768 2464 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 10:25:14.0799 2464 IDriverT ( UnsignedFile.Multi.Generic ) - warning 10:25:14.0799 2464 IDriverT - detected UnsignedFile.Multi.Generic (1) 10:25:14.0944 2464 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:25:15.0007 2464 idsvc - ok 10:25:15.0171 2464 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120214.003\IDSvia64.sys 10:25:15.0206 2464 IDSVia64 - ok 10:25:15.0908 2464 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys 10:25:16.0569 2464 igfx - ok 10:25:16.0763 2464 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 10:25:16.0788 2464 iirsp - ok 10:25:16.0855 2464 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:25:16.0986 2464 IKEEXT - ok 10:25:17.0061 2464 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 10:25:17.0108 2464 IntcDAud - ok 10:25:17.0115 2464 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:25:17.0139 2464 intelide - ok 10:25:18.0506 2464 intelkmd (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdpmd64.sys 10:25:19.0068 2464 intelkmd - ok 10:25:19.0364 2464 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:25:19.0434 2464 intelppm - ok 10:25:19.0542 2464 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:25:19.0659 2464 IPBusEnum - ok 10:25:19.0686 2464 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:25:19.0776 2464 IpFilterDriver - ok 10:25:19.0931 2464 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 10:25:20.0082 2464 iphlpsvc - ok 10:25:20.0208 2464 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:25:20.0254 2464 IPMIDRV - ok 10:25:20.0267 2464 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:25:20.0388 2464 IPNAT - ok 10:25:20.0547 2464 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe 10:25:20.0610 2464 iPod Service - ok 10:25:20.0656 2464 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:25:20.0694 2464 IRENUM - ok 10:25:20.0711 2464 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:25:20.0733 2464 isapnp - ok 10:25:20.0756 2464 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:25:20.0789 2464 iScsiPrt - ok 10:25:20.0818 2464 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 10:25:20.0839 2464 kbdclass - ok 10:25:20.0858 2464 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 10:25:20.0906 2464 kbdhid - ok 10:25:20.0942 2464 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:25:20.0963 2464 KeyIso - ok 10:25:21.0007 2464 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 10:25:21.0032 2464 KSecDD - ok 10:25:21.0057 2464 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 10:25:21.0081 2464 KSecPkg - ok 10:25:21.0115 2464 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:25:21.0200 2464 ksthunk - ok 10:25:21.0250 2464 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:25:21.0351 2464 KtmRm - ok 10:25:21.0400 2464 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 10:25:21.0481 2464 LanmanServer - ok 10:25:21.0518 2464 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:25:21.0595 2464 LanmanWorkstation - ok 10:25:21.0640 2464 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:25:21.0723 2464 lltdio - ok 10:25:21.0775 2464 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:25:21.0859 2464 lltdsvc - ok 10:25:21.0879 2464 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:25:21.0945 2464 lmhosts - ok 10:25:22.0034 2464 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 10:25:22.0058 2464 LMS - ok 10:25:22.0097 2464 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 10:25:22.0116 2464 LSI_FC - ok 10:25:22.0126 2464 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 10:25:22.0143 2464 LSI_SAS - ok 10:25:22.0153 2464 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 10:25:22.0168 2464 LSI_SAS2 - ok 10:25:22.0179 2464 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 10:25:22.0197 2464 LSI_SCSI - ok 10:25:22.0222 2464 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:25:22.0295 2464 luafv - ok 10:25:22.0366 2464 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 10:25:22.0380 2464 MBAMProtector - ok 10:25:22.0479 2464 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:25:22.0513 2464 MBAMService - ok 10:25:22.0535 2464 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:25:22.0570 2464 Mcx2Svc - ok 10:25:22.0596 2464 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 10:25:22.0622 2464 megasas - ok 10:25:22.0652 2464 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 10:25:22.0687 2464 MegaSR - ok 10:25:22.0715 2464 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 10:25:22.0735 2464 MEIx64 - ok 10:25:22.0779 2464 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:25:22.0885 2464 MMCSS - ok 10:25:22.0893 2464 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:25:22.0984 2464 Modem - ok 10:25:23.0023 2464 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:25:23.0071 2464 monitor - ok 10:25:23.0111 2464 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 10:25:23.0135 2464 mouclass - ok 10:25:23.0172 2464 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys 10:25:23.0216 2464 mouhid - ok 10:25:23.0244 2464 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:25:23.0270 2464 mountmgr - ok 10:25:23.0367 2464 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:25:23.0393 2464 MozillaMaintenance - ok 10:25:23.0408 2464 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:25:23.0436 2464 mpio - ok 10:25:23.0458 2464 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:25:23.0547 2464 mpsdrv - ok 10:25:23.0612 2464 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:25:23.0716 2464 MpsSvc - ok 10:25:23.0744 2464 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:25:23.0794 2464 MRxDAV - ok 10:25:23.0834 2464 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:25:23.0895 2464 mrxsmb - ok 10:25:23.0940 2464 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:25:23.0973 2464 mrxsmb10 - ok 10:25:23.0995 2464 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:25:24.0024 2464 mrxsmb20 - ok 10:25:24.0052 2464 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:25:24.0076 2464 msahci - ok 10:25:24.0101 2464 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:25:24.0132 2464 msdsm - ok 10:25:24.0202 2464 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:25:24.0256 2464 MSDTC - ok 10:25:24.0292 2464 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:25:24.0378 2464 Msfs - ok 10:25:24.0393 2464 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:25:24.0496 2464 mshidkmdf - ok 10:25:24.0519 2464 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:25:24.0543 2464 msisadrv - ok 10:25:24.0597 2464 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:25:24.0708 2464 MSiSCSI - ok 10:25:24.0713 2464 msiserver - ok 10:25:24.0763 2464 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:25:24.0878 2464 MSKSSRV - ok 10:25:24.0884 2464 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:25:24.0982 2464 MSPCLOCK - ok 10:25:24.0988 2464 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:25:25.0082 2464 MSPQM - ok 10:25:25.0126 2464 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:25:25.0163 2464 MsRPC - ok 10:25:25.0187 2464 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:25:25.0211 2464 mssmbios - ok 10:25:25.0216 2464 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:25:25.0320 2464 MSTEE - ok 10:25:25.0328 2464 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 10:25:25.0356 2464 MTConfig - ok 10:25:25.0396 2464 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:25:25.0420 2464 Mup - ok 10:25:25.0528 2464 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 10:25:25.0561 2464 MyWiFiDHCPDNS - ok 10:25:25.0629 2464 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:25:25.0749 2464 napagent - ok 10:25:25.0817 2464 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:25:25.0887 2464 NativeWifiP - ok 10:25:26.0030 2464 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120214.023\ENG64.SYS 10:25:26.0052 2464 NAVENG - ok 10:25:26.0175 2464 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120214.023\EX64.SYS 10:25:26.0280 2464 NAVEX15 - ok 10:25:26.0447 2464 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:25:26.0510 2464 NDIS - ok 10:25:26.0538 2464 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:25:26.0647 2464 NdisCap - ok 10:25:26.0678 2464 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:25:26.0766 2464 NdisTapi - ok 10:25:26.0775 2464 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:25:26.0862 2464 Ndisuio - ok 10:25:26.0890 2464 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:25:26.0993 2464 NdisWan - ok 10:25:27.0022 2464 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:25:27.0108 2464 NDProxy - ok 10:25:27.0123 2464 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:25:27.0226 2464 NetBIOS - ok 10:25:27.0247 2464 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:25:27.0338 2464 NetBT - ok 10:25:27.0376 2464 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:25:27.0405 2464 Netlogon - ok 10:25:27.0465 2464 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:25:27.0584 2464 Netman - ok 10:25:27.0696 2464 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:25:27.0843 2464 netprofm - ok 10:25:27.0958 2464 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:25:27.0986 2464 NetTcpPortSharing - ok 10:25:29.0071 2464 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys 10:25:29.0435 2464 NETwNs64 - ok 10:25:29.0635 2464 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 10:25:29.0661 2464 nfrd960 - ok 10:25:29.0771 2464 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe 10:25:29.0799 2464 NIS - ok 10:25:29.0858 2464 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:25:29.0969 2464 NlaSvc - ok 10:25:30.0001 2464 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:25:30.0087 2464 Npfs - ok 10:25:30.0099 2464 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:25:30.0210 2464 nsi - ok 10:25:30.0237 2464 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:25:30.0323 2464 nsiproxy - ok 10:25:30.0468 2464 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:25:30.0561 2464 Ntfs - ok 10:25:30.0673 2464 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:25:30.0758 2464 Null - ok 10:25:30.0798 2464 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys 10:25:30.0820 2464 nusb3hub - ok 10:25:30.0867 2464 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys 10:25:30.0914 2464 nusb3xhc - ok 10:25:30.0976 2464 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 10:25:31.0035 2464 NVENETFD - ok 10:25:31.0088 2464 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:25:31.0117 2464 nvraid - ok 10:25:31.0162 2464 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:25:31.0191 2464 nvstor - ok 10:25:31.0214 2464 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:25:31.0242 2464 nv_agp - ok 10:25:31.0262 2464 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:25:31.0289 2464 ohci1394 - ok 10:25:31.0340 2464 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:25:31.0375 2464 p2pimsvc - ok 10:25:31.0415 2464 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:25:31.0454 2464 p2psvc - ok 10:25:31.0466 2464 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 10:25:31.0496 2464 Parport - ok 10:25:31.0534 2464 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 10:25:31.0560 2464 partmgr - ok 10:25:31.0586 2464 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:25:31.0647 2464 PcaSvc - ok 10:25:31.0688 2464 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:25:31.0718 2464 pci - ok 10:25:31.0743 2464 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:25:31.0766 2464 pciide - ok 10:25:31.0790 2464 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 10:25:31.0822 2464 pcmcia - ok 10:25:31.0849 2464 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:25:31.0879 2464 pcw - ok 10:25:31.0955 2464 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:25:32.0091 2464 PEAUTH - ok 10:25:32.0179 2464 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:25:32.0228 2464 PerfHost - ok 10:25:32.0381 2464 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:25:32.0595 2464 pla - ok 10:25:32.0663 2464 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:25:32.0716 2464 PlugPlay - ok 10:25:32.0762 2464 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:25:32.0804 2464 PNRPAutoReg - ok 10:25:32.0842 2464 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:25:32.0871 2464 PNRPsvc - ok 10:25:32.0929 2464 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:25:33.0047 2464 PolicyAgent - ok 10:25:33.0096 2464 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:25:33.0242 2464 Power - ok 10:25:33.0316 2464 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:25:33.0461 2464 PptpMiniport - ok 10:25:33.0490 2464 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 10:25:33.0545 2464 Processor - ok 10:25:33.0608 2464 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 10:25:33.0673 2464 ProfSvc - ok 10:25:33.0778 2464 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:25:33.0811 2464 ProtectedStorage - ok 10:25:33.0867 2464 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:25:33.0975 2464 Psched - ok 10:25:34.0112 2464 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 10:25:34.0210 2464 ql2300 - ok 10:25:34.0341 2464 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 10:25:34.0376 2464 ql40xx - ok 10:25:34.0427 2464 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:25:34.0502 2464 QWAVE - ok 10:25:34.0531 2464 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:25:34.0600 2464 QWAVEdrv - ok 10:25:34.0622 2464 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:25:34.0742 2464 RasAcd - ok 10:25:34.0793 2464 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:25:34.0884 2464 RasAgileVpn - ok 10:25:34.0906 2464 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:25:35.0006 2464 RasAuto - ok 10:25:35.0033 2464 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:25:35.0122 2464 Rasl2tp - ok 10:25:35.0213 2464 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:25:35.0294 2464 RasMan - ok 10:25:35.0325 2464 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:25:35.0422 2464 RasPppoe - ok 10:25:35.0470 2464 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:25:35.0566 2464 RasSstp - ok 10:25:35.0606 2464 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:25:35.0705 2464 rdbss - ok 10:25:35.0721 2464 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 10:25:35.0768 2464 rdpbus - ok 10:25:35.0791 2464 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:25:35.0861 2464 RDPCDD - ok 10:25:35.0883 2464 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:25:35.0973 2464 RDPENCDD - ok 10:25:35.0998 2464 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:25:36.0070 2464 RDPREFMP - ok 10:25:36.0114 2464 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 10:25:36.0142 2464 RDPWD - ok 10:25:36.0275 2464 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:25:36.0326 2464 rdyboost - ok 10:25:36.0842 2464 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 10:25:36.0920 2464 RegSrvc - ok 10:25:37.0095 2464 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:25:37.0273 2464 RemoteAccess - ok 10:25:37.0389 2464 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:25:37.0465 2464 RemoteRegistry - ok 10:25:37.0598 2464 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 10:25:37.0653 2464 RoxioNow Service - ok 10:25:37.0703 2464 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:25:37.0811 2464 RpcEptMapper - ok 10:25:37.0845 2464 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:25:37.0872 2464 RpcLocator - ok 10:25:37.0921 2464 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:25:38.0019 2464 RpcSs - ok 10:25:38.0089 2464 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys 10:25:38.0121 2464 RSPCIESTOR - ok 10:25:38.0191 2464 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:25:38.0293 2464 rspndr - ok 10:25:38.0431 2464 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys 10:25:38.0470 2464 RTL8167 - ok 10:25:38.0528 2464 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:25:38.0560 2464 SamSs - ok 10:25:38.0607 2464 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:25:38.0640 2464 sbp2port - ok 10:25:38.0717 2464 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:25:38.0959 2464 SCardSvr - ok 10:25:38.0989 2464 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:25:39.0135 2464 scfilter - ok 10:25:39.0282 2464 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:25:39.0408 2464 Schedule - ok 10:25:39.0451 2464 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:25:39.0520 2464 SCPolicySvc - ok 10:25:39.0766 2464 ScrybeUpdater (b60e9769655ddee8368e3abb6668e076) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe 10:25:39.0846 2464 ScrybeUpdater - ok 10:25:40.0111 2464 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 10:25:40.0166 2464 sdbus - ok 10:25:40.0229 2464 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:25:40.0284 2464 SDRSVC - ok 10:25:40.0378 2464 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 10:25:40.0412 2464 SeaPort - ok 10:25:40.0433 2464 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:25:40.0547 2464 secdrv - ok 10:25:40.0572 2464 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:25:40.0662 2464 seclogon - ok 10:25:40.0700 2464 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 10:25:40.0807 2464 SENS - ok 10:25:40.0836 2464 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:25:40.0881 2464 SensrSvc - ok 10:25:40.0933 2464 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 10:25:40.0975 2464 Serenum - ok 10:25:40.0987 2464 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 10:25:41.0025 2464 Serial - ok 10:25:41.0050 2464 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 10:25:41.0095 2464 sermouse - ok 10:25:41.0160 2464 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:25:41.0272 2464 SessionEnv - ok 10:25:41.0293 2464 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:25:41.0327 2464 sffdisk - ok 10:25:41.0340 2464 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:25:41.0393 2464 sffp_mmc - ok 10:25:41.0399 2464 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:25:41.0442 2464 sffp_sd - ok 10:25:41.0448 2464 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 10:25:41.0484 2464 sfloppy - ok 10:25:41.0540 2464 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:25:41.0638 2464 SharedAccess - ok 10:25:41.0688 2464 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:25:41.0807 2464 ShellHWDetection - ok 10:25:41.0863 2464 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 10:25:41.0889 2464 SiSRaid2 - ok 10:25:41.0912 2464 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 10:25:41.0938 2464 SiSRaid4 - ok 10:25:42.0348 2464 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 10:25:42.0511 2464 Skype C2C Service - ok 10:25:42.0586 2464 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 10:25:42.0609 2464 SkypeUpdate - ok 10:25:42.0727 2464 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:25:42.0838 2464 Smb - ok 10:25:42.0886 2464 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:25:42.0932 2464 SNMPTRAP - ok 10:25:42.0949 2464 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:25:42.0973 2464 spldr - ok 10:25:43.0034 2464 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:25:43.0136 2464 Spooler - ok 10:25:43.0417 2464 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:25:43.0656 2464 sppsvc - ok 10:25:43.0818 2464 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:25:43.0908 2464 sppuinotify - ok 10:25:44.0112 2464 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS 10:25:44.0168 2464 SRTSP - ok 10:25:44.0214 2464 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS 10:25:44.0235 2464 SRTSPX - ok 10:25:44.0291 2464 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:25:44.0381 2464 srv - ok 10:25:44.0499 2464 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:25:44.0568 2464 srv2 - ok 10:25:44.0654 2464 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 10:25:44.0690 2464 SrvHsfHDA - ok 10:25:44.0855 2464 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 10:25:44.0950 2464 SrvHsfV92 - ok 10:25:45.0249 2464 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 10:25:45.0306 2464 SrvHsfWinac - ok 10:25:45.0368 2464 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:25:45.0398 2464 srvnet - ok 10:25:45.0448 2464 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:25:45.0567 2464 SSDPSRV - ok 10:25:45.0603 2464 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:25:45.0697 2464 SstpSvc - ok 10:25:45.0830 2464 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe 10:25:45.0893 2464 STacSV - ok 10:25:45.0922 2464 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 10:25:45.0945 2464 stexstor - ok 10:25:46.0009 2464 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys 10:25:46.0070 2464 STHDA - ok 10:25:46.0149 2464 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:25:46.0209 2464 stisvc - ok 10:25:46.0244 2464 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:25:46.0266 2464 swenum - ok 10:25:46.0329 2464 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:25:46.0450 2464 swprv - ok 10:25:46.0583 2464 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS 10:25:46.0634 2464 SymDS - ok 10:25:46.0730 2464 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS 10:25:46.0781 2464 SymEFA - ok 10:25:46.0813 2464 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 10:25:46.0836 2464 SymEvent - ok 10:25:46.0857 2464 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS 10:25:46.0876 2464 SymIRON - ok 10:25:46.0907 2464 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS 10:25:46.0935 2464 SymNetS - ok 10:25:47.0069 2464 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys 10:25:47.0133 2464 SynTP - ok 10:25:47.0350 2464 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:25:47.0451 2464 SysMain - ok 10:25:47.0593 2464 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:25:47.0632 2464 TabletInputService - ok 10:25:47.0671 2464 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:25:47.0771 2464 TapiSrv - ok 10:25:47.0784 2464 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:25:47.0860 2464 TBS - ok 10:25:48.0033 2464 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 10:25:48.0121 2464 Tcpip - ok 10:25:48.0364 2464 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 10:25:48.0472 2464 TCPIP6 - ok 10:25:48.0606 2464 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:25:48.0705 2464 tcpipreg - ok 10:25:48.0742 2464 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:25:48.0768 2464 TDPIPE - ok 10:25:48.0794 2464 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:25:48.0847 2464 TDTCP - ok 10:25:48.0895 2464 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:25:48.0985 2464 tdx - ok 10:25:49.0006 2464 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:25:49.0039 2464 TermDD - ok 10:25:49.0119 2464 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:25:49.0256 2464 TermService - ok 10:25:49.0279 2464 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:25:49.0327 2464 Themes - ok 10:25:49.0358 2464 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:25:49.0451 2464 THREADORDER - ok 10:25:49.0500 2464 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:25:49.0680 2464 TrkWks - ok 10:25:49.0737 2464 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:25:49.0863 2464 TrustedInstaller - ok 10:25:49.0905 2464 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:25:50.0019 2464 tssecsrv - ok 10:25:50.0058 2464 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:25:50.0086 2464 TsUsbFlt - ok 10:25:50.0107 2464 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 10:25:50.0135 2464 TsUsbGD - ok 10:25:50.0174 2464 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:25:50.0292 2464 tunnel - ok 10:25:50.0321 2464 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 10:25:50.0346 2464 uagp35 - ok 10:25:50.0381 2464 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:25:50.0491 2464 udfs - ok 10:25:50.0533 2464 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:25:50.0567 2464 UI0Detect - ok 10:25:50.0611 2464 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:25:50.0638 2464 uliagpkx - ok 10:25:50.0663 2464 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 10:25:50.0713 2464 umbus - ok 10:25:50.0720 2464 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 10:25:50.0757 2464 UmPass - ok 10:25:51.0214 2464 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 10:25:51.0347 2464 UNS - ok 10:25:51.0549 2464 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:25:51.0670 2464 upnphost - ok 10:25:51.0743 2464 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 10:25:51.0789 2464 USBAAPL64 - ok 10:25:51.0828 2464 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:25:51.0858 2464 usbccgp - ok 10:25:51.0903 2464 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:25:51.0940 2464 usbcir - ok 10:25:51.0963 2464 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 10:25:52.0011 2464 usbehci - ok 10:25:52.0068 2464 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:25:52.0121 2464 usbhub - ok 10:25:52.0165 2464 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 10:25:52.0217 2464 usbohci - ok 10:25:52.0251 2464 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 10:25:52.0305 2464 usbprint - ok 10:25:52.0336 2464 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:25:52.0385 2464 USBSTOR - ok 10:25:52.0406 2464 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:25:52.0448 2464 usbuhci - ok 10:25:52.0491 2464 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 10:25:52.0531 2464 usbvideo - ok 10:25:52.0561 2464 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:25:52.0673 2464 UxSms - ok 10:25:52.0730 2464 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:25:52.0757 2464 VaultSvc - ok 10:25:52.0794 2464 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:25:52.0818 2464 vdrvroot - ok 10:25:52.0873 2464 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 10:25:52.0994 2464 vds - ok 10:25:53.0016 2464 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:25:53.0051 2464 vga - ok 10:25:53.0067 2464 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:25:53.0170 2464 VgaSave - ok 10:25:53.0204 2464 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:25:53.0238 2464 vhdmp - ok 10:25:53.0266 2464 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:25:53.0291 2464 viaide - ok 10:25:53.0314 2464 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:25:53.0339 2464 volmgr - ok 10:25:53.0384 2464 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:25:53.0423 2464 volmgrx - ok 10:25:53.0446 2464 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:25:53.0483 2464 volsnap - ok 10:25:53.0521 2464 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 10:25:53.0553 2464 vsmraid - ok 10:25:53.0692 2464 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:25:53.0849 2464 VSS - ok 10:25:53.0975 2464 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:25:54.0025 2464 vwifibus - ok 10:25:54.0069 2464 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:25:54.0111 2464 vwififlt - ok 10:25:54.0145 2464 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 10:25:54.0214 2464 vwifimp - ok 10:25:54.0291 2464 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:25:54.0407 2464 W32Time - ok 10:25:54.0477 2464 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 10:25:54.0518 2464 WacomPen - ok 10:25:54.0560 2464 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:25:54.0678 2464 WANARP - ok 10:25:54.0695 2464 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:25:54.0788 2464 Wanarpv6 - ok 10:25:54.0966 2464 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:25:55.0050 2464 WatAdminSvc - ok 10:25:55.0177 2464 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:25:55.0277 2464 wbengine - ok 10:25:55.0418 2464 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:25:55.0467 2464 WbioSrvc - ok 10:25:55.0507 2464 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:25:55.0580 2464 wcncsvc - ok 10:25:55.0606 2464 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:25:55.0636 2464 WcsPlugInService - ok 10:25:55.0707 2464 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 10:25:55.0731 2464 Wd - ok 10:25:55.0794 2464 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:25:55.0846 2464 Wdf01000 - ok 10:25:55.0886 2464 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:25:55.0932 2464 WdiServiceHost - ok 10:25:55.0940 2464 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:25:55.0986 2464 WdiSystemHost - ok 10:25:56.0016 2464 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys 10:25:56.0036 2464 wdkmd - ok 10:25:56.0083 2464 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:25:56.0154 2464 WebClient - ok 10:25:56.0201 2464 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:25:56.0321 2464 Wecsvc - ok 10:25:56.0340 2464 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:25:56.0492 2464 wercplsupport - ok 10:25:56.0526 2464 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:25:56.0640 2464 WerSvc - ok 10:25:56.0680 2464 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:25:56.0770 2464 WfpLwf - ok 10:25:56.0788 2464 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:25:56.0812 2464 WIMMount - ok 10:25:56.0872 2464 WinDefend - ok 10:25:56.0885 2464 WinHttpAutoProxySvc - ok 10:25:56.0964 2464 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:25:57.0061 2464 Winmgmt - ok 10:25:57.0240 2464 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:25:57.0395 2464 WinRM - ok 10:25:57.0549 2464 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 10:25:57.0585 2464 WinUsb - ok 10:25:57.0674 2464 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:25:57.0765 2464 Wlansvc - ok 10:25:57.0882 2464 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 10:25:57.0904 2464 wlcrasvc - ok 10:25:58.0177 2464 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:25:58.0305 2464 wlidsvc - ok 10:25:58.0444 2464 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:25:58.0490 2464 WmiAcpi - ok 10:25:58.0563 2464 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:25:58.0608 2464 wmiApSrv - ok 10:25:58.0670 2464 WMPNetworkSvc - ok 10:25:58.0748 2464 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:25:58.0777 2464 WPCSvc - ok 10:25:58.0812 2464 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:25:58.0848 2464 WPDBusEnum - ok 10:25:58.0897 2464 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:25:58.0987 2464 ws2ifsl - ok 10:25:59.0009 2464 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 10:25:59.0064 2464 wscsvc - ok 10:25:59.0071 2464 WSearch - ok 10:25:59.0344 2464 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 10:25:59.0487 2464 wuauserv - ok 10:25:59.0597 2464 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:25:59.0704 2464 WudfPf - ok 10:25:59.0749 2464 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:25:59.0855 2464 WUDFRd - ok 10:25:59.0900 2464 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:25:59.0994 2464 wudfsvc - ok 10:26:00.0022 2464 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:26:00.0090 2464 WwanSvc - ok 10:26:00.0168 2464 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0 10:26:00.0196 2464 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 10:26:00.0196 2464 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 10:26:00.0317 2464 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 10:26:00.0317 2464 \Device\Harddisk0\DR0 - detected TDSS File System (1) 10:26:00.0327 2464 Boot (0x1200) (c69de73856060d96bac4b6ddc7ef0ade) \Device\Harddisk0\DR0\Partition0 10:26:00.0330 2464 \Device\Harddisk0\DR0\Partition0 - ok 10:26:00.0342 2464 Boot (0x1200) (ca1327c9569cb15acfe41042872529c4) \Device\Harddisk0\DR0\Partition1 10:26:00.0345 2464 \Device\Harddisk0\DR0\Partition1 - ok 10:26:00.0379 2464 Boot (0x1200) (4255b0fbf01c79f5e7e34b30dca34921) \Device\Harddisk0\DR0\Partition2 10:26:00.0384 2464 \Device\Harddisk0\DR0\Partition2 - ok 10:26:00.0428 2464 Boot (0x1200) (812d7fb1d43f7d98ebb974db6273e61f) \Device\Harddisk0\DR0\Partition3 10:26:00.0430 2464 \Device\Harddisk0\DR0\Partition3 - ok 10:26:00.0436 2464 ============================================================ 10:26:00.0437 2464 Scan finished 10:26:00.0437 2464 ============================================================ 10:26:00.0463 4032 Detected object count: 4 10:26:00.0463 4032 Actual detected object count: 4 10:27:09.0792 4032 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 10:27:09.0792 4032 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:27:09.0796 4032 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 10:27:09.0796 4032 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:27:12.0044 4032 \Device\Harddisk0\DR0\# - copied to quarantine 10:27:12.0045 4032 \Device\Harddisk0\DR0 - copied to quarantine 10:27:12.0425 4032 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 10:27:12.0430 4032 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 10:27:12.0442 4032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:27:12.0454 4032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:27:12.0546 4032 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 10:27:12.0566 4032 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 10:27:12.0569 4032 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 10:27:12.0574 4032 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 10:27:12.0577 4032 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 10:27:12.0580 4032 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 10:27:12.0585 4032 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 10:27:12.0589 4032 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 10:27:12.0626 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 10:27:12.0656 4032 \Device\Harddisk0\DR0 - ok 10:27:13.0409 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 10:27:13.0429 4032 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 10:27:13.0434 4032 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 10:27:13.0441 4032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:27:13.0453 4032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:27:13.0468 4032 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 10:27:13.0486 4032 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 10:27:13.0489 4032 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 10:27:13.0493 4032 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 10:27:13.0498 4032 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 10:27:13.0503 4032 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 10:27:13.0508 4032 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 10:27:13.0513 4032 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 10:27:13.0513 4032 \Device\Harddisk0\DR0\TDLFS - deleted 10:27:13.0513 4032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 10:27:16.0939 5720 Deinitialize success
  4. Here's the roguekiller report as well RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Malicsi [Admin rights] Mode: Scan -- Date: 07/14/2012 01:15:11 ¤¤¤ Bad processes: 2 ¤¤¤ [sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5061GSYN +++++ --- User --- [MBR] 8a59394045cc4ca976a1f1af00e22a6f [bSP] b7a045a90304235be8d14908f8d1bfba : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo 3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo User != LL1 ... KO! --- LL1 --- [MBR] f35a02c22aaa892441dc311bb5b92c47 [bSP] 76989679e9647d0ea33669aabc28aaaa : PiHar MBR Code! Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo 3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo User != LL2 ... KO! --- LL2 --- [MBR] f35a02c22aaa892441dc311bb5b92c47 [bSP] 76989679e9647d0ea33669aabc28aaaa : PiHar MBR Code! Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo 3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo Finished : << RKreport[1].txt >> RKreport[1].txt
  5. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/30/2012 10:53:47 AM System Uptime: 7/14/2012 12:51:06 AM (1 hours ago) . Motherboard: Hewlett-Packard | | 3583 Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 989/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 286.186 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.593 GiB free. E: is CDROM () F: is FIXED (FAT) - 0 GiB total, 0.087 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: BHDrvx64 Device ID: ROOT\LEGACY_BHDRVX64\0000 Manufacturer: Name: BHDrvx64 PNP Device ID: ROOT\LEGACY_BHDRVX64\0000 Service: BHDrvx64 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Symantec Iron Driver Device ID: ROOT\LEGACY_SYMIRON\0000 Manufacturer: Name: Symantec Iron Driver PNP Device ID: ROOT\LEGACY_SYMIRON\0000 Service: SymIRON . ==== System Restore Points =================== . RP316: 7/9/2012 9:26:54 AM - Windows Update RP317: 7/9/2012 5:15:33 PM - Windows Update RP318: 7/10/2012 3:00:20 AM - Windows Update RP319: 7/10/2012 7:43:01 AM - Windows Update RP320: 7/11/2012 3:00:17 AM - Windows Update RP321: 7/11/2012 7:51:37 AM - Windows Update RP322: 7/11/2012 5:15:39 PM - Windows Update RP323: 7/12/2012 1:35:00 AM - Windows Update RP324: 7/12/2012 1:43:24 AM - Windows Update RP325: 7/12/2012 2:12:11 AM - Installed AVG 2012 RP326: 7/12/2012 2:12:52 AM - Installed AVG 2012 RP327: 7/12/2012 3:04:48 AM - Windows Update RP328: 7/12/2012 3:09:23 AM - Windows Update RP329: 7/12/2012 9:48:21 AM - Removed Evernote v. 4.2.2 RP330: 7/12/2012 12:51:41 PM - Removed Synaptics Gesture Suite featuring SYNAPTICS | Scrybe. RP331: 7/12/2012 12:54:01 PM - Windows Update RP332: 7/12/2012 5:12:51 PM - Windows Update RP333: 7/13/2012 3:00:18 AM - Windows Update RP334: 7/13/2012 3:29:43 AM - Removed AVG 2012 RP335: 7/13/2012 3:35:26 AM - Removed AVG 2012 RP336: 7/13/2012 3:40:43 AM - Installed HiJackThis RP337: 7/13/2012 6:09:48 AM - Windows Update RP338: 7/13/2012 5:20:16 PM - Windows Update . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Apple Application Support Apple Software Update Bejeweled 2 Deluxe Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center InstallProxy Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CyberLink YouCam D3DX10 Diner Dash 2 Restaurant Rescue Dora's World Adventure Energy Star Digital Logo ESU for Microsoft Windows 7 Farm Frenzy FATE - The Traitor Soul Hewlett-Packard ACLM.NET v1.1.2.0 HiJackThis HP Connection Manager HP Customer Experience Enhancements HP Documentation HP Games HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant IDT Audio Incredibar Toolbar on IE Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Wireless Display Junk Mail filter update Magic Desktop Mah Jong Medley Malwarebytes Anti-Malware version 1.62.0.1300 Mesh Runtime Microsoft Office 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN Norton Internet Security Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer QuickTime Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager Renesas Electronics USB 3.0 Host Controller Driver RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype Click to Call Skype™ 5.9 Slingo Supreme Synaptics Gesture Suite featuring SYNAPTICS | Scrybe Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App uTorrentControl2 Toolbar Virtual Villagers 4 - The Tree of Life Visual Studio 2008 x64 Redistributables VLC media player 2.0.1 Wheel of Fortune 2 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip Driver Updater Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 7/7/2012 3:48:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. 7/14/2012 12:51:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON 7/13/2012 5:20:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255). 7/13/2012 5:20:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715). 7/13/2012 5:20:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562). 7/12/2012 3:04:14 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process. 7/11/2012 5:01:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MALICSI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9150763-E22B-431E-BCE6-4B44BAF25B50}. The master browser is stopping or an election is being forced. . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Malicsi at 1:00:25 on 2012-07-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3478 [GMT -7:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe -netsvcs C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8ubcdc2o&i=26 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [<NO NAME>] mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F9150763-E22B-431E-BCE6-4B44BAF25B50} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F9150763-E22B-431E-BCE6-4B44BAF25B50}\5427C656E656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F9150763-E22B-431E-BCE6-4B44BAF25B50}\54E2A402D416C6963637962E08993702960586F6E656 : DhcpNameServer = 172.18.64.215 172.18.64.215 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll BHO-X64: uTorrentControl2 - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO-X64: Incredibar.com Helper Object - No File BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [(Default)] mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - facebook.com FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5afa7270-21bd-453f-a893-c5235a78bcb6%7D&mid=75c3ace8c20347d0be18c15632fd24bf-2e9e459ab3d14f309204e6e90950dbe54f11dadf&ds=AVG&v=11.1.0.12〈=en&pr=fr&d=2012-07-12%2002%3A16%3A04&sap=ku&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\plugins\np-mswmp.dll FF - plugin: C:\Users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ubcdc2o&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - aa4bd85b000000000000ac8112a63e5b FF - user.js: extensions.incredibar_i.instlDay - 15487 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.145:45:56 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8ubcdc2o FF - user.js: extensions.incredibar_i.upn2n - 92824432055419708 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10659 FF - user.js: extensions.incredibar_i.ppd - 105%5F5 . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120214.003\IDSviA64.sys [2012-2-15 488568] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-31 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-3-30 514232] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-24 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-31 2413056] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-2-11 130008] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-24 2656280] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-14 07:56:59 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6A98E79-41AC-461E-B480-4D270CE2AF33}\mpengine.dll 2012-07-13 10:55:19 20480 ----a-w- C:\Windows\svchost.exe 2012-07-13 10:41:00 388096 ----a-r- C:\Users\Malicsi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-13 10:41:00 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-07-12 17:03:35 -------- d-----w- C:\Users\Malicsi\AppData\Roaming\Malwarebytes 2012-07-12 17:03:17 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-12 17:03:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-12 17:03:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-12 09:12:39 -------- d-----w- C:\Program Files (x86)\AVG 2012-07-12 09:08:19 -------- d--h--w- C:\ProgramData\Common Files 2012-07-12 09:08:19 -------- d-----w- C:\ProgramData\MFAData 2012-07-11 10:05:07 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 09:44:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 09:44:11 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 09:44:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 09:44:10 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 09:44:10 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 09:44:10 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 09:43:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-07-11 09:43:45 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-07-11 09:43:45 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-07-11 09:43:45 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-07-11 09:43:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-07-11 09:43:45 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-07-11 09:43:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-07-11 09:43:45 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-11 09:43:45 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-07-02 09:31:17 -------- d-----w- C:\Users\Malicsi\AppData\Roaming\WinZip 2012-07-02 09:31:04 -------- d-----w- C:\Program Files (x86)\WinZip Driver Updater 2012-06-26 08:04:09 -------- d-----w- C:\Program Files (x86)\uTorrentControl2 2012-06-21 06:04:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 06:03:36 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 06:03:24 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 06:03:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-20 00:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-06-16 01:48:45 -------- d-----w- C:\Program Files\iTunes 2012-06-16 01:48:45 -------- d-----w- C:\Program Files\iPod 2012-06-16 01:48:45 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 2012-07-12 09:06:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 09:06:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 1:03:00.74 ===============
  6. Post Merged We look for post with 0 replies, so when you reply to your own topic, we assume you were being helped. Please be patient, someone will assist you as soon as possible. The past few days I've noticed that any time I'm connected to wireless audio from ads plays. It's a bunch of audio from all kinds of ads and movie previews playing all at the same time. Often the same audio playing slightly off from each other. I downloaded malwarebyres and hijackthis because I researched the topic on google a little bit. I noticed each case like mine had their own solutions so I thought I'd play it safe and try to get my own solution. Here is the log from Malwarebytes: Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.13.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Malicsi :: MALICSI-HP [administrator] Protection: Enabled 7/13/2012 4:06:46 AM mbam-log-2012-07-13 (03-50-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218351 Time elapsed: 3 minute(s), 51 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 3672 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> No action taken. (end) I tried to run hijackthis but it says that my system denied write access to the host files. It gave me instructions but I'm not exactly sure what to do with them. Also malwarebytes keeps notifying me that it has blocked access to svchost.exe. I'm not sure what that is either. correction: anytime I'm connected to "wifi/internet," audio from ads plays.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.