Yukon
-
Posts
10 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Yukon
-
-
All looks good. I think you got it. Is there any way to tell if the trojan was just listening, was it moving info in and out, what port it was using, or how long it had access?
Trying to gauge the severity to consider reformat. This comp is mainly gaming and has no direct access to banking but I do buy stuff online from time to time. Everything of note can be redownloaded from the cloud. I did put in Scotty. Any other precautions I could follow to help protect it or is reformat the only best answer?
-
Scan clean.
That's the only log in there but it looks and dates the same as the last one.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
ComboFix 12-10-14.03 - Mark 10/15/2012 3:47.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3797.2348 [GMT -5:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mark\AppData\Roaming\DCE93291
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 08:53 . 2012-10-15 08:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 01:13 . 2012-10-15 01:13 -------- d-----w- c:\users\Mark\AppData\Roaming\WinPatrol
2012-10-15 01:13 . 2012-10-15 01:13 -------- d-----w- c:\programdata\InstallMate
2012-10-15 01:13 . 2012-10-15 01:13 -------- d-----w- c:\program files (x86)\BillP Studios
2012-10-14 21:08 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F1B1531-07C5-4123-85A0-FBFE730160C3}\mpengine.dll
2012-10-14 14:46 . 2012-05-08 23:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-10-14 14:46 . 2010-11-26 23:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-10-14 06:05 . 2012-10-14 06:05 -------- d-----w- c:\program files\CCleaner
2012-10-14 06:04 . 2012-10-14 06:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-14 06:03 . 2012-10-14 06:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-14 06:01 . 2012-10-14 06:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 06:00 . 2012-10-14 06:00 -------- d-----w- c:\program files (x86)\Java
2012-10-14 05:59 . 2012-10-14 05:59 -------- d-----w- c:\programdata\McAfee
2012-10-14 05:49 . 2012-10-14 05:49 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-14 05:08 . 2012-10-14 12:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-12 09:54 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 09:30 . 2012-10-12 09:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-12 09:30 . 2012-10-12 09:30 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-12 09:30 . 2012-10-12 09:30 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-12 06:46 . 2012-10-12 06:46 -------- d-----w- c:\users\Mark\AppData\Local\Deployment
2012-10-10 13:47 . 2012-10-12 13:18 -------- d-----w- c:\windows\Microsoft Antimalware
2012-10-10 10:12 . 2012-10-10 10:12 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD4BC360-24BD-489D-B1FD-FCF443124E78}\gapaengine.dll
2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-09 21:53 . 2012-10-09 21:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\offreg.dll
2012-10-09 21:30 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\mpengine.dll
2012-10-09 04:16 . 2012-10-09 04:16 -------- d-----w- c:\users\Mark\AppData\Roaming\OpenOffice.org
2012-10-09 04:14 . 2012-10-09 04:14 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-10-02 04:12 . 2012-10-02 04:12 -------- d-----w- c:\program files (x86)\SEGA
2012-10-01 09:26 . 2012-10-01 17:53 -------- d-----w- c:\users\Mark\AppData\Roaming\The Creative Assembly
2012-09-25 23:11 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\program files\iPod
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\program files\iTunes
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\program files (x86)\iTunes
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\programdata\Apple Computer
2012-09-25 23:10 . 2012-10-06 19:32 -------- d-----w- c:\users\Mark\AppData\Local\Apple
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-25 23:09 . 2012-09-25 23:09 -------- d-----w- c:\program files\Common Files\Apple
2012-09-25 23:09 . 2012-09-25 23:10 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-09-25 23:09 . 2012-09-25 23:10 -------- d-----w- c:\programdata\Apple
2012-09-25 19:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 20:25 . 2012-08-29 16:35 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-12 06:24 . 2012-04-13 06:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 06:24 . 2011-07-07 12:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 21:55 . 2011-12-06 05:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-25 02:07 . 2012-08-17 02:03 183152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-07 22:04 . 2011-12-06 07:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 13:15 . 2012-09-07 13:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-04 21:50 . 2012-09-04 21:50 2849336 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_2.exe
2012-09-04 21:50 . 2012-09-04 21:50 2849336 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_1.exe
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 15:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 15:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 15:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 15:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 18:01 . 2012-08-21 18:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2012-08-21 18:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-09 21:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 15:44 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 15:44 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 22:51 . 2012-07-25 22:51 42440 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-07-25 22:51 . 2012-07-25 22:51 28104 ----a-w- c:\windows\system32\xfcodec64.dll
2012-07-23 20:59 . 2012-06-08 05:15 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-18 18:15 . 2012-08-16 09:51 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files (x86)\Hawking\Common\HawkingWirelessUtility.exe [2011-12-5 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-13 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-06 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Hawking\Common\RaRegistry64.exe [2009-10-06 212256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 309760]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-01-16 1101600]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F9E44926-2497-46F3-8A25-928136AC079E}"=hex:51,66,7a,6c,4c,1d,38,12,48,4a,f7,
fd,a5,6a,9d,03,f5,33,d1,c1,33,f2,43,8a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:47,07,9b,a8,59,a3,cd,01
.
[HKEY_USERS\S-1-5-21-1328668111-2955040079-3877466703-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,cb,39,92,8f,d5,c4,c5,ae,a2,43,ef,76,7d,be,5f,09,aa,80,3c,52,
99,b6,8f,b0,ff,2e,68,41,47,61,73,cc,38,9e,b5,2d,36,ef,e5,5b,86,0b,65,a4,20,\
"rkeysecu"=hex:9f,8b,92,ca,2a,25,50,2a,82,f5,96,72,90,4f,38,c1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-15 03:55:09
ComboFix-quarantined-files.txt 2012-10-15 08:55
ComboFix2.txt 2012-10-14 21:05
ComboFix3.txt 2012-10-14 13:52
.
Pre-Run: 738,639,785,984 bytes free
Post-Run: 738,591,084,544 bytes free
.
- - End Of File - - 04AACFE6D1B74AE8C65EC6F1AE5D6D96
-
I looked in DOS and windows view and could not locate that file. Eset scanned in that folder where the file should be so I know it exists. It must be hidden in some manner. Below is the Eset log but it looks awful small.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
I re-enabled ms sec essentials after running this combo fix. The comp is certainly behaving much more stably and I see no sign of svchost.exe. You sir are a genius! I'm a Comp tech and I bow to your excellent skills!
If you see anything else that looks or feels strange I can easily delete anything. It's mostly gaming and other software I can always retrieve from the cloud. Just takes a lil time.
ComboFix 12-10-14.03 - Mark 10/14/2012 15:57:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3797.2423 [GMT -5:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 21:04 . 2012-10-14 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 14:46 . 2012-05-08 23:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-10-14 14:46 . 2010-11-26 23:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-10-14 14:01 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0137904-0436-4B46-BF7A-B8DDC0190A1C}\mpengine.dll
2012-10-14 06:05 . 2012-10-14 06:05 -------- d-----w- c:\program files\CCleaner
2012-10-14 06:04 . 2012-10-14 06:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-14 06:03 . 2012-10-14 06:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-14 06:01 . 2012-10-14 06:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 06:00 . 2012-10-14 06:00 -------- d-----w- c:\program files (x86)\Java
2012-10-14 05:59 . 2012-10-14 05:59 -------- d-----w- c:\programdata\McAfee
2012-10-14 05:49 . 2012-10-14 05:49 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-14 05:08 . 2012-10-14 12:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-12 09:54 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 09:30 . 2012-10-12 09:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-12 09:30 . 2012-10-12 09:30 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-12 09:30 . 2012-10-12 09:30 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-12 06:46 . 2012-10-12 06:46 -------- d-----w- c:\users\Mark\AppData\Local\Deployment
2012-10-10 13:47 . 2012-10-12 13:18 -------- d-----w- c:\windows\Microsoft Antimalware
2012-10-10 10:12 . 2012-10-10 10:12 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD4BC360-24BD-489D-B1FD-FCF443124E78}\gapaengine.dll
2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-09 21:53 . 2012-10-09 21:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\offreg.dll
2012-10-09 21:52 . 2012-10-09 21:52 -------- d--h--w- c:\users\Mark\AppData\Roaming\DCE93291
2012-10-09 21:30 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\mpengine.dll
2012-10-09 04:16 . 2012-10-09 04:16 -------- d-----w- c:\users\Mark\AppData\Roaming\OpenOffice.org
2012-10-09 04:14 . 2012-10-09 04:14 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-10-02 04:12 . 2012-10-02 04:12 -------- d-----w- c:\program files (x86)\SEGA
2012-10-01 09:26 . 2012-10-01 17:53 -------- d-----w- c:\users\Mark\AppData\Roaming\The Creative Assembly
2012-09-25 23:11 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\program files\iPod
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\program files\iTunes
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\program files (x86)\iTunes
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\programdata\Apple Computer
2012-09-25 23:10 . 2012-10-06 19:32 -------- d-----w- c:\users\Mark\AppData\Local\Apple
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-25 23:09 . 2012-09-25 23:09 -------- d-----w- c:\program files\Common Files\Apple
2012-09-25 23:09 . 2012-09-25 23:10 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-09-25 23:09 . 2012-09-25 23:10 -------- d-----w- c:\programdata\Apple
2012-09-25 19:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 20:25 . 2012-08-29 16:35 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-12 06:24 . 2012-04-13 06:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 06:24 . 2011-07-07 12:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 21:55 . 2011-12-06 05:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-25 02:07 . 2012-08-17 02:03 183152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-07 22:04 . 2011-12-06 07:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 13:15 . 2012-09-07 13:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-04 21:50 . 2012-09-04 21:50 2849336 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_2.exe
2012-09-04 21:50 . 2012-09-04 21:50 2849336 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_1.exe
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 15:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 15:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 15:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 15:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 18:01 . 2012-08-21 18:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2012-08-21 18:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-09 21:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 15:44 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 15:44 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 22:51 . 2012-07-25 22:51 42440 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-07-25 22:51 . 2012-07-25 22:51 28104 ----a-w- c:\windows\system32\xfcodec64.dll
2012-07-23 20:59 . 2012-06-08 05:15 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-18 18:15 . 2012-08-16 09:51 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_1.exe ---
Company: Vivox
File Description: C3
File Version: 0.4.112.1493
Product Name: C3
Copyright: Copyright Vivox Inc. All rights reserved.
Original Filename: C3.exe
File size: 2849336
Created time: 2012-09-04 21:50
Modified time: 2012-09-04 21:50
MD5: 78755263C1E62BB8F1EC8572F8486445
SHA1: CF805869EC3411DB5DEC24B75E2615AB59466D9C
.
.
--- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_2.exe ---
Company: Vivox
File Description: C3
File Version: 0.4.112.1493
Product Name: C3
Copyright: Copyright Vivox Inc. All rights reserved.
Original Filename: C3.exe
File size: 2849336
Created time: 2012-09-04 21:50
Modified time: 2012-09-04 21:50
MD5: 78755263C1E62BB8F1EC8572F8486445
SHA1: CF805869EC3411DB5DEC24B75E2615AB59466D9C
.
---- Directory of c:\users\Mark\AppData\Roaming\DCE93291 ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files (x86)\Hawking\Common\HawkingWirelessUtility.exe [2011-12-5 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-13 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-06 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Hawking\Common\RaRegistry64.exe [2009-10-06 212256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 309760]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-01-16 1101600]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMARTDEFRAGDRIVER
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 06:41]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 06:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F9E44926-2497-46F3-8A25-928136AC079E}"=hex:51,66,7a,6c,4c,1d,38,12,48,4a,f7,
fd,a5,6a,9d,03,f5,33,d1,c1,33,f2,43,8a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:47,07,9b,a8,59,a3,cd,01
.
[HKEY_USERS\S-1-5-21-1328668111-2955040079-3877466703-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,cb,39,92,8f,d5,c4,c5,ae,a2,43,ef,76,7d,be,5f,09,aa,80,3c,52,
99,b6,8f,b0,ff,2e,68,41,47,61,73,cc,38,9e,b5,2d,36,ef,e5,5b,86,0b,65,a4,20,\
"rkeysecu"=hex:9f,8b,92,ca,2a,25,50,2a,82,f5,96,72,90,4f,38,c1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-14 16:05:50
ComboFix-quarantined-files.txt 2012-10-14 21:05
ComboFix2.txt 2012-10-14 13:52
.
Pre-Run: 738,913,746,944 bytes free
Post-Run: 738,919,608,320 bytes free
.
- - End Of File - - 82CB64CDF4E6C806150E19311E1E7B34
-
ComboFix 12-10-14.03 - Mark 10/14/2012 8:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3797.2262 [GMT -5:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1X2173Rv.exe.b
c:\programdata\ism_0_llatsni.pad
c:\programdata\Microsoft\Windows\DRM\9D96.tmp
c:\programdata\Microsoft\Windows\DRM\9D97.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 13:45 . 2012-10-14 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 04:48 . 2012-10-14 04:48 -------- d-----w- c:\program files\HitmanPro
2012-10-13 20:25 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CE57F00-A2C8-4B4E-8220-A5FC2EA6A8C7}\mpengine.dll
2012-10-12 09:54 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 09:30 . 2012-10-12 09:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-12 09:30 . 2012-10-12 09:30 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-12 09:30 . 2012-10-12 09:30 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-12 06:46 . 2012-10-12 06:46 -------- d-----w- c:\users\Mark\AppData\Local\Deployment
2012-10-10 13:47 . 2012-10-12 13:18 -------- d-----w- c:\windows\Microsoft Antimalware
2012-10-10 10:12 . 2012-10-10 10:12 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD4BC360-24BD-489D-B1FD-FCF443124E78}\gapaengine.dll
2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-09 21:53 . 2012-10-09 21:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\offreg.dll
2012-10-09 21:52 . 2012-10-09 21:52 -------- d--h--w- c:\users\Mark\AppData\Roaming\DCE93291
2012-10-09 21:30 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\mpengine.dll
2012-10-09 04:16 . 2012-10-09 04:16 -------- d-----w- c:\users\Mark\AppData\Roaming\OpenOffice.org
2012-10-09 04:14 . 2012-10-09 04:14 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-10-02 04:12 . 2012-10-02 04:12 -------- d-----w- c:\program files (x86)\SEGA
2012-10-01 09:26 . 2012-10-01 17:53 -------- d-----w- c:\users\Mark\AppData\Roaming\The Creative Assembly
2012-09-25 23:11 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\program files\iPod
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\program files\iTunes
2012-09-25 23:10 . 2012-09-25 23:11 -------- d-----w- c:\program files (x86)\iTunes
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\programdata\Apple Computer
2012-09-25 23:10 . 2012-10-06 19:32 -------- d-----w- c:\users\Mark\AppData\Local\Apple
2012-09-25 23:10 . 2012-09-25 23:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-25 23:09 . 2012-09-25 23:09 -------- d-----w- c:\program files\Common Files\Apple
2012-09-25 23:09 . 2012-09-25 23:09 -------- d-----w- c:\program files\Bonjour
2012-09-25 23:09 . 2012-09-25 23:09 -------- d-----w- c:\program files (x86)\Bonjour
2012-09-25 23:09 . 2012-09-25 23:10 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-09-25 23:09 . 2012-09-25 23:10 -------- d-----w- c:\programdata\Apple
2012-09-25 19:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 20:25 . 2012-08-29 16:35 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-12 06:24 . 2012-04-13 06:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 06:24 . 2011-07-07 12:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 21:55 . 2011-12-06 05:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-25 02:07 . 2012-08-17 02:03 183152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-07 22:04 . 2011-12-06 07:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 13:15 . 2012-09-07 13:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-04 21:50 . 2012-09-04 21:50 2849336 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_2.exe
2012-09-04 21:50 . 2012-09-04 21:50 2849336 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_1.exe
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 15:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 15:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 15:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 15:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 18:01 . 2012-08-21 18:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2012-08-21 18:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-09 21:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 15:44 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 15:44 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 22:51 . 2012-07-25 22:51 42440 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-07-25 22:51 . 2012-07-25 22:51 28104 ----a-w- c:\windows\system32\xfcodec64.dll
2012-07-23 20:59 . 2012-06-08 05:15 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-18 18:15 . 2012-08-16 09:51 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files (x86)\Hawking\Common\HawkingWirelessUtility.exe [2011-12-5 1630208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 135664]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-13 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-06 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120202.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Hawking\Common\RaRegistry64.exe [2009-10-06 212256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 309760]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-01-16 1101600]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 06:41]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06 06:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-19112182.sys
SafeBoot-27516571.sys
SafeBoot-28042312.sys
Toolbar-Locked - (no file)
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-UnityWebPlayer - c:\users\Mark\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F9E44926-2497-46F3-8A25-928136AC079E}"=hex:51,66,7a,6c,4c,1d,38,12,48,4a,f7,
fd,a5,6a,9d,03,f5,33,d1,c1,33,f2,43,8a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:47,07,9b,a8,59,a3,cd,01
.
[HKEY_USERS\S-1-5-21-1328668111-2955040079-3877466703-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,cb,39,92,8f,d5,c4,c5,ae,a2,43,ef,76,7d,be,5f,09,aa,80,3c,52,
99,b6,8f,b0,ff,2e,68,41,47,61,73,cc,38,9e,b5,2d,36,ef,e5,5b,86,0b,65,a4,20,\
"rkeysecu"=hex:9f,8b,92,ca,2a,25,50,2a,82,f5,96,72,90,4f,38,c1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hawking\Common\RaRegistry.exe
.
**************************************************************************
.
Completion time: 2012-10-14 08:52:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-14 13:52
.
Pre-Run: 722,746,064,896 bytes free
Post-Run: 723,045,785,600 bytes free
.
- - End Of File - - D38C4F2936760DF889FCFAA319912AA0
-
08:02:14.0982 0692 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:02:15.0432 0692 ============================================================
08:02:15.0432 0692 Current date / time: 2012/10/14 08:02:15.0432
08:02:15.0432 0692 SystemInfo:
08:02:15.0432 0692
08:02:15.0432 0692 OS Version: 6.1.7601 ServicePack: 1.0
08:02:15.0432 0692 Product type: Workstation
08:02:15.0432 0692 ComputerName: MARK-PC
08:02:15.0432 0692 UserName: Mark
08:02:15.0432 0692 Windows directory: C:\Windows
08:02:15.0432 0692 System windows directory: C:\Windows
08:02:15.0432 0692 Running under WOW64
08:02:15.0432 0692 Processor architecture: Intel x64
08:02:15.0432 0692 Number of processors: 4
08:02:15.0432 0692 Page size: 0x1000
08:02:15.0432 0692 Boot type: Normal boot
08:02:15.0432 0692 ============================================================
08:02:16.0132 0692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:02:16.0152 0692 ============================================================
08:02:16.0152 0692 \Device\Harddisk0\DR0:
08:02:16.0152 0692 MBR partitions:
08:02:16.0152 0692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
08:02:16.0152 0692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x72CD3DB0
08:02:16.0152 0692 ============================================================
08:02:16.0182 0692 C: <-> \Device\Harddisk0\DR0\Partition2
08:02:16.0182 0692 ============================================================
08:02:16.0182 0692 Initialize success
08:02:16.0182 0692 ============================================================
08:02:18.0123 4000 ============================================================
08:02:18.0123 4000 Scan started
08:02:18.0123 4000 Mode: Manual;
08:02:18.0123 4000 ============================================================
08:02:18.0263 4000 ================ Scan system memory ========================
08:02:18.0263 4000 System memory - ok
08:02:18.0263 4000 ================ Scan services =============================
08:02:18.0363 4000 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:02:18.0373 4000 1394ohci - ok
08:02:18.0393 4000 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:02:18.0403 4000 ACPI - ok
08:02:18.0423 4000 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:02:18.0423 4000 AcpiPmi - ok
08:02:18.0503 4000 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:02:18.0503 4000 AdobeARMservice - ok
08:02:18.0533 4000 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:02:18.0543 4000 adp94xx - ok
08:02:18.0563 4000 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:02:18.0573 4000 adpahci - ok
08:02:18.0593 4000 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:02:18.0593 4000 adpu320 - ok
08:02:18.0673 4000 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
08:02:18.0683 4000 AdvancedSystemCareService5 - ok
08:02:18.0753 4000 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:02:18.0753 4000 AeLookupSvc - ok
08:02:18.0783 4000 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:02:18.0793 4000 AFD - ok
08:02:18.0803 4000 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:02:18.0803 4000 agp440 - ok
08:02:18.0823 4000 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:02:18.0823 4000 ALG - ok
08:02:18.0843 4000 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:02:18.0843 4000 aliide - ok
08:02:18.0873 4000 [ 2FDCB3E855076CE97CCB58E2CF8F2A09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:02:18.0873 4000 AMD External Events Utility - ok
08:02:18.0913 4000 [ 30BFEEE0DFFD5BD79D29157CF080DEED ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
08:02:18.0913 4000 amdhub30 - ok
08:02:18.0933 4000 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:02:18.0933 4000 amdide - ok
08:02:18.0953 4000 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:02:18.0953 4000 AmdK8 - ok
08:02:19.0173 4000 [ 9920704BF815A5B42DA5264F013AAEB7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:02:19.0363 4000 amdkmdag - ok
08:02:19.0383 4000 [ 0D1055A47A8F5DC1CAA2701831293EBB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:02:19.0383 4000 amdkmdap - ok
08:02:19.0393 4000 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:02:19.0393 4000 AmdPPM - ok
08:02:19.0433 4000 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:02:19.0433 4000 amdsata - ok
08:02:19.0463 4000 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:02:19.0463 4000 amdsbs - ok
08:02:19.0483 4000 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:02:19.0483 4000 amdxata - ok
08:02:19.0513 4000 [ 321533578132C811EC834A1B741C994C ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
08:02:19.0513 4000 amdxhc - ok
08:02:19.0543 4000 [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
08:02:19.0553 4000 amd_sata - ok
08:02:19.0563 4000 [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
08:02:19.0563 4000 amd_xata - ok
08:02:19.0593 4000 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:02:19.0593 4000 AppID - ok
08:02:19.0633 4000 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:02:19.0633 4000 AppIDSvc - ok
08:02:19.0653 4000 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:02:19.0663 4000 Appinfo - ok
08:02:19.0733 4000 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:02:19.0733 4000 Apple Mobile Device - ok
08:02:19.0783 4000 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:02:19.0783 4000 arc - ok
08:02:19.0803 4000 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:02:19.0803 4000 arcsas - ok
08:02:19.0823 4000 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:02:19.0823 4000 AsyncMac - ok
08:02:19.0853 4000 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:02:19.0853 4000 atapi - ok
08:02:19.0883 4000 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:02:19.0883 4000 AtiHDAudioService - ok
08:02:19.0923 4000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:02:19.0933 4000 AudioEndpointBuilder - ok
08:02:19.0943 4000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:02:19.0943 4000 AudioSrv - ok
08:02:19.0963 4000 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:02:19.0973 4000 AxInstSV - ok
08:02:19.0993 4000 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:02:20.0003 4000 b06bdrv - ok
08:02:20.0023 4000 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:02:20.0023 4000 b57nd60a - ok
08:02:20.0053 4000 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:02:20.0053 4000 BDESVC - ok
08:02:20.0083 4000 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:02:20.0083 4000 Beep - ok
08:02:20.0103 4000 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:02:20.0113 4000 BFE - ok
08:02:20.0263 4000 [ 1D757A7E020C577C4259A755F21B7152 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
08:02:20.0273 4000 BHDrvx64 - ok
08:02:20.0323 4000 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
08:02:20.0343 4000 BITS - ok
08:02:20.0373 4000 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
08:02:20.0383 4000 blbdrive - ok
08:02:20.0443 4000 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:02:20.0453 4000 Bonjour Service - ok
08:02:20.0473 4000 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:02:20.0473 4000 bowser - ok
08:02:20.0493 4000 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:02:20.0493 4000 BrFiltLo - ok
08:02:20.0513 4000 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:02:20.0513 4000 BrFiltUp - ok
08:02:20.0553 4000 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:02:20.0563 4000 BridgeMP - ok
08:02:20.0603 4000 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:02:20.0613 4000 Browser - ok
08:02:20.0643 4000 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:02:20.0643 4000 Brserid - ok
08:02:20.0673 4000 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:02:20.0673 4000 BrSerWdm - ok
08:02:20.0693 4000 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:02:20.0693 4000 BrUsbMdm - ok
08:02:20.0713 4000 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:02:20.0713 4000 BrUsbSer - ok
08:02:20.0743 4000 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:02:20.0743 4000 BTHMODEM - ok
08:02:20.0773 4000 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:02:20.0783 4000 bthserv - ok
08:02:20.0863 4000 [ 0E1737A63AEC0F6DE231BB59836C0A11 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
08:02:20.0863 4000 ccSet_NIS - ok
08:02:20.0883 4000 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:02:20.0883 4000 cdfs - ok
08:02:20.0903 4000 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:02:20.0913 4000 cdrom - ok
08:02:20.0923 4000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:02:20.0933 4000 CertPropSvc - ok
08:02:20.0953 4000 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
08:02:20.0953 4000 circlass - ok
08:02:20.0973 4000 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:02:20.0983 4000 CLFS - ok
08:02:21.0053 4000 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:02:21.0053 4000 clr_optimization_v2.0.50727_32 - ok
08:02:21.0093 4000 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:02:21.0103 4000 clr_optimization_v2.0.50727_64 - ok
08:02:21.0133 4000 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:02:21.0133 4000 clr_optimization_v4.0.30319_32 - ok
08:02:21.0173 4000 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:02:21.0173 4000 clr_optimization_v4.0.30319_64 - ok
08:02:21.0193 4000 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:02:21.0193 4000 CmBatt - ok
08:02:21.0203 4000 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:02:21.0203 4000 cmdide - ok
08:02:21.0243 4000 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:02:21.0243 4000 CNG - ok
08:02:21.0273 4000 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:02:21.0273 4000 Compbatt - ok
08:02:21.0293 4000 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:02:21.0293 4000 CompositeBus - ok
08:02:21.0293 4000 COMSysApp - ok
08:02:21.0313 4000 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:02:21.0323 4000 crcdisk - ok
08:02:21.0353 4000 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:02:21.0363 4000 CryptSvc - ok
08:02:21.0433 4000 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:02:21.0443 4000 cvhsvc - ok
08:02:21.0493 4000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:02:21.0513 4000 DcomLaunch - ok
08:02:21.0543 4000 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:02:21.0553 4000 defragsvc - ok
08:02:21.0563 4000 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:02:21.0563 4000 DfsC - ok
08:02:21.0583 4000 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:02:21.0593 4000 Dhcp - ok
08:02:21.0613 4000 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:02:21.0623 4000 discache - ok
08:02:21.0633 4000 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:02:21.0643 4000 Disk - ok
08:02:21.0743 4000 [ C3EB9C4143E56B52C2CE4580E42BE459 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
08:02:21.0803 4000 Diskeeper - ok
08:02:21.0833 4000 [ 20C394C80113D77406DF8F1ADC720B01 ] DKRtWrt C:\Windows\system32\DRIVERS\DKRtWrt.sys
08:02:21.0833 4000 DKRtWrt - ok
08:02:21.0853 4000 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:02:21.0853 4000 Dnscache - ok
08:02:21.0873 4000 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:02:21.0883 4000 dot3svc - ok
08:02:21.0893 4000 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:02:21.0903 4000 DPS - ok
08:02:21.0913 4000 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:02:21.0923 4000 drmkaud - ok
08:02:21.0953 4000 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:02:21.0953 4000 DXGKrnl - ok
08:02:21.0973 4000 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:02:21.0973 4000 EapHost - ok
08:02:22.0073 4000 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:02:22.0153 4000 ebdrv - ok
08:02:22.0213 4000 [ 5CCF1BE80930AEB1CDEBF561666325E8 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:02:22.0223 4000 eeCtrl - ok
08:02:22.0253 4000 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:02:22.0253 4000 EFS - ok
08:02:22.0313 4000 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:02:22.0383 4000 ehRecvr - ok
08:02:22.0393 4000 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:02:22.0423 4000 ehSched - ok
08:02:22.0453 4000 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:02:22.0453 4000 elxstor - ok
08:02:22.0473 4000 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:02:22.0473 4000 ErrDev - ok
08:02:22.0533 4000 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:02:22.0543 4000 EventSystem - ok
08:02:22.0563 4000 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:02:22.0573 4000 exfat - ok
08:02:22.0583 4000 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:02:22.0593 4000 fastfat - ok
08:02:22.0623 4000 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:02:22.0633 4000 Fax - ok
08:02:22.0673 4000 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:02:22.0673 4000 fdc - ok
08:02:22.0683 4000 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:02:22.0693 4000 fdPHost - ok
08:02:22.0713 4000 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:02:22.0713 4000 FDResPub - ok
08:02:22.0733 4000 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:02:22.0733 4000 FileInfo - ok
08:02:22.0753 4000 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:02:22.0753 4000 Filetrace - ok
08:02:22.0773 4000 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:02:22.0773 4000 flpydisk - ok
08:02:22.0783 4000 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:02:22.0793 4000 FltMgr - ok
08:02:22.0824 4000 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:02:22.0834 4000 FontCache - ok
08:02:22.0884 4000 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:02:22.0884 4000 FontCache3.0.0.0 - ok
08:02:22.0904 4000 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:02:22.0904 4000 FsDepends - ok
08:02:22.0944 4000 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:02:22.0944 4000 Fs_Rec - ok
08:02:22.0964 4000 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:02:22.0964 4000 fvevol - ok
08:02:22.0994 4000 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:02:22.0994 4000 gagp30kx - ok
08:02:23.0034 4000 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:02:23.0044 4000 GamesAppService - ok
08:02:23.0074 4000 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:02:23.0074 4000 GEARAspiWDM - ok
08:02:23.0114 4000 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:02:23.0124 4000 gpsvc - ok
08:02:23.0184 4000 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
08:02:23.0184 4000 GREGService - ok
08:02:23.0264 4000 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:02:23.0264 4000 gupdate - ok
08:02:23.0274 4000 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:02:23.0284 4000 gupdatem - ok
08:02:23.0304 4000 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:02:23.0304 4000 hcw85cir - ok
08:02:23.0324 4000 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:02:23.0334 4000 HdAudAddService - ok
08:02:23.0364 4000 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:02:23.0364 4000 HDAudBus - ok
08:02:23.0384 4000 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:02:23.0384 4000 HidBatt - ok
08:02:23.0404 4000 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:02:23.0404 4000 HidBth - ok
08:02:23.0424 4000 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:02:23.0424 4000 HidIr - ok
08:02:23.0454 4000 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:02:23.0454 4000 hidserv - ok
08:02:23.0474 4000 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:02:23.0484 4000 HidUsb - ok
08:02:23.0524 4000 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:02:23.0524 4000 hkmsvc - ok
08:02:23.0544 4000 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:02:23.0544 4000 HomeGroupListener - ok
08:02:23.0584 4000 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:02:23.0584 4000 HomeGroupProvider - ok
08:02:23.0604 4000 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:02:23.0604 4000 HpSAMD - ok
08:02:23.0634 4000 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:02:23.0644 4000 HTTP - ok
08:02:23.0654 4000 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:02:23.0654 4000 hwpolicy - ok
08:02:23.0674 4000 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:02:23.0674 4000 i8042prt - ok
08:02:23.0704 4000 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:02:23.0714 4000 iaStorV - ok
08:02:23.0774 4000 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:02:23.0784 4000 idsvc - ok
08:02:23.0844 4000 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120202.002\IDSvia64.sys
08:02:23.0854 4000 IDSVia64 - ok
08:02:23.0884 4000 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:02:23.0884 4000 iirsp - ok
08:02:23.0924 4000 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:02:23.0934 4000 IKEEXT - ok
08:02:24.0054 4000 [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:02:24.0084 4000 IntcAzAudAddService - ok
08:02:24.0094 4000 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:02:24.0104 4000 intelide - ok
08:02:24.0114 4000 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
08:02:24.0114 4000 intelppm - ok
08:02:24.0134 4000 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:02:24.0134 4000 IPBusEnum - ok
08:02:24.0154 4000 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:02:24.0154 4000 IpFilterDriver - ok
08:02:24.0184 4000 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:02:24.0194 4000 iphlpsvc - ok
08:02:24.0204 4000 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:02:24.0204 4000 IPMIDRV - ok
08:02:24.0224 4000 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:02:24.0224 4000 IPNAT - ok
08:02:24.0274 4000 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:02:24.0294 4000 iPod Service - ok
08:02:24.0334 4000 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:02:24.0334 4000 IRENUM - ok
08:02:24.0354 4000 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:02:24.0354 4000 isapnp - ok
08:02:24.0394 4000 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:02:24.0394 4000 iScsiPrt - ok
08:02:24.0414 4000 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:02:24.0414 4000 kbdclass - ok
08:02:24.0434 4000 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:02:24.0434 4000 kbdhid - ok
08:02:24.0454 4000 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:02:24.0454 4000 KeyIso - ok
08:02:24.0494 4000 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:02:24.0494 4000 KSecDD - ok
08:02:24.0514 4000 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:02:24.0514 4000 KSecPkg - ok
08:02:24.0534 4000 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:02:24.0544 4000 ksthunk - ok
08:02:24.0574 4000 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:02:24.0584 4000 KtmRm - ok
08:02:24.0614 4000 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:02:24.0624 4000 LanmanServer - ok
08:02:24.0664 4000 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:02:24.0674 4000 LanmanWorkstation - ok
08:02:24.0724 4000 [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
08:02:24.0734 4000 Live Updater Service - ok
08:02:24.0744 4000 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:02:24.0754 4000 lltdio - ok
08:02:24.0784 4000 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:02:24.0784 4000 lltdsvc - ok
08:02:24.0804 4000 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:02:24.0814 4000 lmhosts - ok
08:02:24.0824 4000 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:02:24.0834 4000 LSI_FC - ok
08:02:24.0854 4000 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:02:24.0854 4000 LSI_SAS - ok
08:02:24.0874 4000 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:02:24.0874 4000 LSI_SAS2 - ok
08:02:24.0894 4000 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:02:24.0894 4000 LSI_SCSI - ok
08:02:24.0914 4000 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:02:24.0924 4000 luafv - ok
08:02:24.0944 4000 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:02:24.0954 4000 Mcx2Svc - ok
08:02:24.0964 4000 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:02:24.0964 4000 megasas - ok
08:02:24.0994 4000 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:02:24.0994 4000 MegaSR - ok
08:02:25.0014 4000 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:02:25.0024 4000 MMCSS - ok
08:02:25.0034 4000 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:02:25.0034 4000 Modem - ok
08:02:25.0064 4000 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:02:25.0064 4000 monitor - ok
08:02:25.0084 4000 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:02:25.0084 4000 mouclass - ok
08:02:25.0114 4000 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:02:25.0114 4000 mouhid - ok
08:02:25.0144 4000 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:02:25.0154 4000 mountmgr - ok
08:02:25.0204 4000 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
08:02:25.0204 4000 MpFilter - ok
08:02:25.0234 4000 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:02:25.0244 4000 mpio - ok
08:02:25.0254 4000 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:02:25.0254 4000 mpsdrv - ok
08:02:25.0294 4000 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:02:25.0314 4000 MpsSvc - ok
08:02:25.0344 4000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:02:25.0344 4000 MRxDAV - ok
08:02:25.0374 4000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:02:25.0374 4000 mrxsmb - ok
08:02:25.0404 4000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:02:25.0404 4000 mrxsmb10 - ok
08:02:25.0434 4000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:02:25.0434 4000 mrxsmb20 - ok
08:02:25.0444 4000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:02:25.0444 4000 msahci - ok
08:02:25.0464 4000 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:02:25.0474 4000 msdsm - ok
08:02:25.0484 4000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:02:25.0494 4000 MSDTC - ok
08:02:25.0514 4000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:02:25.0514 4000 Msfs - ok
08:02:25.0534 4000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:02:25.0544 4000 mshidkmdf - ok
08:02:25.0554 4000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:02:25.0554 4000 msisadrv - ok
08:02:25.0594 4000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:02:25.0594 4000 MSiSCSI - ok
08:02:25.0604 4000 msiserver - ok
08:02:25.0614 4000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:02:25.0614 4000 MSKSSRV - ok
08:02:25.0694 4000 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:02:25.0694 4000 MsMpSvc - ok
08:02:25.0704 4000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:02:25.0714 4000 MSPCLOCK - ok
08:02:25.0724 4000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:02:25.0734 4000 MSPQM - ok
08:02:25.0754 4000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:02:25.0764 4000 MsRPC - ok
08:02:25.0784 4000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:02:25.0784 4000 mssmbios - ok
08:02:25.0794 4000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:02:25.0794 4000 MSTEE - ok
08:02:25.0814 4000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:02:25.0814 4000 MTConfig - ok
08:02:25.0834 4000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:02:25.0834 4000 Mup - ok
08:02:25.0874 4000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:02:25.0884 4000 napagent - ok
08:02:25.0904 4000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:02:25.0914 4000 NativeWifiP - ok
08:02:25.0984 4000 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
08:02:25.0994 4000 NAUpdate - ok
08:02:26.0094 4000 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120202.033\ENG64.SYS
08:02:26.0094 4000 NAVENG - ok
08:02:26.0164 4000 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120202.033\EX64.SYS
08:02:26.0214 4000 NAVEX15 - ok
08:02:26.0294 4000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:02:26.0304 4000 NDIS - ok
08:02:26.0344 4000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:02:26.0344 4000 NdisCap - ok
08:02:26.0354 4000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:02:26.0354 4000 NdisTapi - ok
08:02:26.0374 4000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:02:26.0384 4000 Ndisuio - ok
08:02:26.0404 4000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:02:26.0404 4000 NdisWan - ok
08:02:26.0424 4000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:02:26.0424 4000 NDProxy - ok
08:02:26.0434 4000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:02:26.0434 4000 NetBIOS - ok
08:02:26.0464 4000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:02:26.0464 4000 NetBT - ok
08:02:26.0484 4000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:02:26.0494 4000 Netlogon - ok
08:02:26.0524 4000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:02:26.0524 4000 Netman - ok
08:02:26.0544 4000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:02:26.0554 4000 netprofm - ok
08:02:26.0614 4000 [ E005682AE8F8EC4EB05F2A70A16EA1C5 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
08:02:26.0634 4000 netr28ux - ok
08:02:26.0674 4000 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:02:26.0674 4000 NetTcpPortSharing - ok
08:02:26.0684 4000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:02:26.0694 4000 nfrd960 - ok
08:02:26.0774 4000 [ C6948F034D7EDABCFA2234D399FC78BC ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
08:02:26.0784 4000 NIS - ok
08:02:26.0814 4000 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:02:26.0824 4000 NisDrv - ok
08:02:26.0884 4000 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
08:02:26.0894 4000 NisSrv - ok
08:02:26.0924 4000 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:02:26.0934 4000 NlaSvc - ok
08:02:27.0034 4000 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
08:02:27.0114 4000 NOBU - ok
08:02:27.0124 4000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:02:27.0124 4000 Npfs - ok
08:02:27.0154 4000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:02:27.0154 4000 nsi - ok
08:02:27.0174 4000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:02:27.0174 4000 nsiproxy - ok
08:02:27.0234 4000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:02:27.0244 4000 Ntfs - ok
08:02:27.0264 4000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:02:27.0264 4000 Null - ok
08:02:27.0284 4000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:02:27.0284 4000 nvraid - ok
08:02:27.0324 4000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:02:27.0324 4000 nvstor - ok
08:02:27.0344 4000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:02:27.0354 4000 nv_agp - ok
08:02:27.0364 4000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:02:27.0364 4000 ohci1394 - ok
08:02:27.0414 4000 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:02:27.0414 4000 ose - ok
08:02:27.0594 4000 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:02:27.0734 4000 osppsvc - ok
08:02:27.0774 4000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:02:27.0784 4000 p2pimsvc - ok
08:02:27.0824 4000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:02:27.0834 4000 p2psvc - ok
08:02:27.0854 4000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:02:27.0864 4000 Parport - ok
08:02:27.0904 4000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:02:27.0914 4000 partmgr - ok
08:02:27.0934 4000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:02:27.0944 4000 PcaSvc - ok
08:02:27.0964 4000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:02:27.0964 4000 pci - ok
08:02:27.0984 4000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:02:27.0984 4000 pciide - ok
08:02:28.0014 4000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:02:28.0014 4000 pcmcia - ok
08:02:28.0034 4000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:02:28.0034 4000 pcw - ok
08:02:28.0064 4000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:02:28.0084 4000 PEAUTH - ok
08:02:28.0184 4000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:02:28.0184 4000 PerfHost - ok
08:02:28.0274 4000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:02:28.0304 4000 pla - ok
08:02:28.0354 4000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:02:28.0364 4000 PlugPlay - ok
08:02:28.0374 4000 PnkBstrA - ok
08:02:28.0404 4000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:02:28.0414 4000 PNRPAutoReg - ok
08:02:28.0424 4000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:02:28.0434 4000 PNRPsvc - ok
08:02:28.0454 4000 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
08:02:28.0454 4000 Point64 - ok
08:02:28.0494 4000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:02:28.0514 4000 PolicyAgent - ok
08:02:28.0554 4000 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:02:28.0564 4000 Power - ok
08:02:28.0594 4000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:02:28.0604 4000 PptpMiniport - ok
08:02:28.0634 4000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:02:28.0634 4000 Processor - ok
08:02:28.0674 4000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:02:28.0684 4000 ProfSvc - ok
08:02:28.0694 4000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:02:28.0704 4000 ProtectedStorage - ok
08:02:28.0724 4000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:02:28.0724 4000 Psched - ok
08:02:28.0774 4000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:02:28.0794 4000 ql2300 - ok
08:02:28.0824 4000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:02:28.0834 4000 ql40xx - ok
08:02:28.0864 4000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:02:28.0864 4000 QWAVE - ok
08:02:28.0884 4000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:02:28.0884 4000 QWAVEdrv - ok
08:02:28.0934 4000 [ 2EE6D9CAB03900646D1D3D9077167BD6 ] RalinkRegistryWriter C:\Program Files (x86)\Hawking\Common\RaRegistry.exe
08:02:29.0014 4000 RalinkRegistryWriter - ok
08:02:29.0024 4000 [ 46358C32AF09A57A171BC422649BE53B ] RalinkRegistryWriter64 C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe
08:02:29.0084 4000 RalinkRegistryWriter64 - ok
08:02:29.0094 4000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:02:29.0094 4000 RasAcd - ok
08:02:29.0114 4000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:02:29.0124 4000 RasAgileVpn - ok
08:02:29.0144 4000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:02:29.0144 4000 RasAuto - ok
08:02:29.0154 4000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:02:29.0154 4000 Rasl2tp - ok
08:02:29.0184 4000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:02:29.0184 4000 RasMan - ok
08:02:29.0204 4000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:02:29.0204 4000 RasPppoe - ok
08:02:29.0204 4000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:02:29.0214 4000 RasSstp - ok
08:02:29.0244 4000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:02:29.0254 4000 rdbss - ok
08:02:29.0274 4000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:02:29.0274 4000 rdpbus - ok
08:02:29.0294 4000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:02:29.0294 4000 RDPCDD - ok
08:02:29.0324 4000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:02:29.0324 4000 RDPENCDD - ok
08:02:29.0344 4000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:02:29.0344 4000 RDPREFMP - ok
08:02:29.0374 4000 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:02:29.0384 4000 RDPWD - ok
08:02:29.0394 4000 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:02:29.0404 4000 rdyboost - ok
08:02:29.0444 4000 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:02:29.0444 4000 RemoteAccess - ok
08:02:29.0474 4000 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:02:29.0474 4000 RemoteRegistry - ok
08:02:29.0494 4000 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:02:29.0494 4000 RpcEptMapper - ok
08:02:29.0524 4000 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:02:29.0524 4000 RpcLocator - ok
08:02:29.0554 4000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:02:29.0564 4000 RpcSs - ok
08:02:29.0584 4000 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:02:29.0584 4000 rspndr - ok
08:02:29.0624 4000 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:02:29.0634 4000 RTL8167 - ok
08:02:29.0654 4000 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:02:29.0654 4000 SamSs - ok
08:02:29.0684 4000 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:02:29.0684 4000 sbp2port - ok
08:02:29.0714 4000 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:02:29.0714 4000 SCardSvr - ok
08:02:29.0734 4000 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:02:29.0734 4000 scfilter - ok
08:02:29.0774 4000 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:02:29.0794 4000 Schedule - ok
08:02:29.0824 4000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:02:29.0824 4000 SCPolicySvc - ok
08:02:29.0854 4000 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:02:29.0864 4000 SDRSVC - ok
08:02:29.0874 4000 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:02:29.0874 4000 secdrv - ok
08:02:29.0894 4000 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:02:29.0894 4000 seclogon - ok
08:02:29.0904 4000 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:02:29.0914 4000 SENS - ok
08:02:29.0924 4000 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:02:29.0924 4000 SensrSvc - ok
08:02:29.0944 4000 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
08:02:29.0944 4000 Serenum - ok
08:02:29.0964 4000 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
08:02:29.0964 4000 Serial - ok
08:02:29.0974 4000 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:02:29.0974 4000 sermouse - ok
08:02:30.0024 4000 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:02:30.0034 4000 SessionEnv - ok
08:02:30.0054 4000 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:02:30.0054 4000 sffdisk - ok
08:02:30.0074 4000 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:02:30.0074 4000 sffp_mmc - ok
08:02:30.0094 4000 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:02:30.0094 4000 sffp_sd - ok
08:02:30.0114 4000 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:02:30.0114 4000 sfloppy - ok
08:02:30.0154 4000 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
08:02:30.0154 4000 Sftfs - ok
08:02:30.0224 4000 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:02:30.0234 4000 sftlist - ok
08:02:30.0264 4000 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:02:30.0264 4000 Sftplay - ok
08:02:30.0284 4000 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:02:30.0284 4000 Sftredir - ok
08:02:30.0294 4000 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
08:02:30.0294 4000 Sftvol - ok
08:02:30.0304 4000 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:02:30.0314 4000 sftvsa - ok
08:02:30.0364 4000 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:02:30.0374 4000 SharedAccess - ok
08:02:30.0424 4000 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:02:30.0434 4000 ShellHWDetection - ok
08:02:30.0454 4000 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:02:30.0454 4000 SiSRaid2 - ok
08:02:30.0484 4000 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:02:30.0484 4000 SiSRaid4 - ok
08:02:30.0514 4000 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:02:30.0514 4000 SkypeUpdate - ok
08:02:30.0554 4000 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
08:02:30.0554 4000 SmartDefragDriver - ok
08:02:30.0574 4000 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:02:30.0574 4000 Smb - ok
08:02:30.0594 4000 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:02:30.0604 4000 SNMPTRAP - ok
08:02:30.0614 4000 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:02:30.0614 4000 spldr - ok
08:02:30.0654 4000 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:02:30.0664 4000 Spooler - ok
08:02:30.0754 4000 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:02:30.0864 4000 sppsvc - ok
08:02:30.0874 4000 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:02:30.0884 4000 sppuinotify - ok
08:02:30.0974 4000 [ 06B9A7BA94356EC5207C5DDB59540378 ] SRTSP C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
08:02:30.0984 4000 SRTSP - ok
08:02:31.0004 4000 [ FBB8945A61E55A2345D12487C74A9D76 ] SRTSPX C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
08:02:31.0004 4000 SRTSPX - ok
08:02:31.0034 4000 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:02:31.0044 4000 srv - ok
08:02:31.0074 4000 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:02:31.0084 4000 srv2 - ok
08:02:31.0104 4000 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:02:31.0104 4000 srvnet - ok
08:02:31.0164 4000 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:02:31.0174 4000 SSDPSRV - ok
08:02:31.0194 4000 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:02:31.0204 4000 SstpSvc - ok
08:02:31.0234 4000 Steam Client Service - ok
08:02:31.0254 4000 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:02:31.0254 4000 stexstor - ok
08:02:31.0304 4000 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:02:31.0314 4000 stisvc - ok
08:02:31.0354 4000 [ 85BF0B7CE3D9B6D1611E05872E1C3E56 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
08:02:31.0354 4000 SWDUMon - ok
08:02:31.0384 4000 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:02:31.0384 4000 swenum - ok
08:02:31.0404 4000 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:02:31.0414 4000 swprv - ok
08:02:31.0444 4000 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
08:02:31.0444 4000 SymDS - ok
08:02:31.0484 4000 [ F90C7A190399165D3AB2245048D34786 ] SymEFA C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
08:02:31.0504 4000 SymEFA - ok
08:02:31.0524 4000 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:02:31.0524 4000 SymEvent - ok
08:02:31.0554 4000 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
08:02:31.0564 4000 SymIRON - ok
08:02:31.0584 4000 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
08:02:31.0594 4000 SymNetS - ok
08:02:31.0644 4000 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:02:31.0684 4000 SysMain - ok
08:02:31.0714 4000 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:02:31.0714 4000 TabletInputService - ok
08:02:31.0734 4000 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:02:31.0744 4000 TapiSrv - ok
08:02:31.0774 4000 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:02:31.0774 4000 TBS - ok
08:02:31.0845 4000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:02:31.0885 4000 Tcpip - ok
08:02:31.0915 4000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:02:31.0925 4000 TCPIP6 - ok
08:02:31.0955 4000 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:02:31.0955 4000 tcpipreg - ok
08:02:31.0975 4000 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:02:31.0975 4000 TDPIPE - ok
08:02:32.0005 4000 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:02:32.0005 4000 TDTCP - ok
08:02:32.0025 4000 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:02:32.0025 4000 tdx - ok
08:02:32.0045 4000 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:02:32.0045 4000 TermDD - ok
08:02:32.0065 4000 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:02:32.0075 4000 TermService - ok
08:02:32.0095 4000 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:02:32.0105 4000 Themes - ok
08:02:32.0125 4000 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:02:32.0135 4000 THREADORDER - ok
08:02:32.0145 4000 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:02:32.0155 4000 TrkWks - ok
08:02:32.0205 4000 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:02:32.0205 4000 TrustedInstaller - ok
08:02:32.0225 4000 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:02:32.0225 4000 tssecsrv - ok
08:02:32.0245 4000 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:02:32.0245 4000 TsUsbFlt - ok
08:02:32.0275 4000 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:02:32.0275 4000 TsUsbGD - ok
08:02:32.0285 4000 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:02:32.0295 4000 tunnel - ok
08:02:32.0315 4000 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:02:32.0315 4000 uagp35 - ok
08:02:32.0345 4000 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:02:32.0345 4000 udfs - ok
08:02:32.0385 4000 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:02:32.0385 4000 UI0Detect - ok
08:02:32.0405 4000 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:02:32.0415 4000 uliagpkx - ok
08:02:32.0435 4000 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:02:32.0435 4000 umbus - ok
08:02:32.0455 4000 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:02:32.0455 4000 UmPass - ok
08:02:32.0475 4000 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:02:32.0485 4000 upnphost - ok
08:02:32.0515 4000 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
08:02:32.0515 4000 usbbus - ok
08:02:32.0545 4000 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:02:32.0545 4000 usbccgp - ok
08:02:32.0565 4000 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:02:32.0575 4000 usbcir - ok
08:02:32.0605 4000 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
08:02:32.0605 4000 UsbDiag - ok
08:02:32.0635 4000 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:02:32.0635 4000 usbehci - ok
08:02:32.0665 4000 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:02:32.0665 4000 usbhub - ok
08:02:32.0685 4000 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
08:02:32.0695 4000 USBModem - ok
08:02:32.0705 4000 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:02:32.0705 4000 usbohci - ok
08:02:32.0725 4000 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:02:32.0725 4000 usbprint - ok
08:02:32.0745 4000 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:02:32.0745 4000 USBSTOR - ok
08:02:32.0765 4000 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:02:32.0765 4000 usbuhci - ok
08:02:32.0785 4000 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:02:32.0785 4000 UxSms - ok
08:02:32.0795 4000 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:02:32.0805 4000 VaultSvc - ok
08:02:32.0815 4000 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:02:32.0815 4000 vdrvroot - ok
08:02:32.0845 4000 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:02:32.0855 4000 vds - ok
08:02:32.0875 4000 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:02:32.0875 4000 vga - ok
08:02:32.0885 4000 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:02:32.0885 4000 VgaSave - ok
08:02:32.0905 4000 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:02:32.0915 4000 vhdmp - ok
08:02:32.0925 4000 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:02:32.0925 4000 viaide - ok
08:02:32.0945 4000 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:02:32.0945 4000 volmgr - ok
08:02:32.0975 4000 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:02:32.0975 4000 volmgrx - ok
08:02:33.0005 4000 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:02:33.0005 4000 volsnap - ok
08:02:33.0035 4000 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:02:33.0035 4000 vsmraid - ok
08:02:33.0105 4000 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:02:33.0135 4000 VSS - ok
08:02:33.0155 4000 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:02:33.0155 4000 vwifibus - ok
08:02:33.0175 4000 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:02:33.0175 4000 vwififlt - ok
08:02:33.0195 4000 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:02:33.0195 4000 vwifimp - ok
08:02:33.0225 4000 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:02:33.0235 4000 W32Time - ok
08:02:33.0255 4000 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:02:33.0255 4000 WacomPen - ok
08:02:33.0275 4000 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:02:33.0275 4000 WANARP - ok
08:02:33.0285 4000 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:02:33.0285 4000 Wanarpv6 - ok
08:02:33.0335 4000 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:02:33.0345 4000 WatAdminSvc - ok
08:02:33.0385 4000 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:02:33.0405 4000 wbengine - ok
08:02:33.0425 4000 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:02:33.0425 4000 WbioSrvc - ok
08:02:33.0445 4000 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:02:33.0445 4000 wcncsvc - ok
08:02:33.0465 4000 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:02:33.0465 4000 WcsPlugInService - ok
08:02:33.0485 4000 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
08:02:33.0485 4000 Wd - ok
08:02:33.0505 4000 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:02:33.0515 4000 Wdf01000 - ok
08:02:33.0535 4000 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:02:33.0545 4000 WdiServiceHost - ok
08:02:33.0545 4000 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:02:33.0545 4000 WdiSystemHost - ok
08:02:33.0565 4000 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:02:33.0565 4000 WebClient - ok
08:02:33.0605 4000 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:02:33.0605 4000 Wecsvc - ok
08:02:33.0625 4000 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:02:33.0625 4000 wercplsupport - ok
08:02:33.0645 4000 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:02:33.0645 4000 WerSvc - ok
08:02:33.0665 4000 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:02:33.0665 4000 WfpLwf - ok
08:02:33.0685 4000 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:02:33.0685 4000 WIMMount - ok
08:02:33.0705 4000 WinDefend - ok
08:02:33.0705 4000 WinHttpAutoProxySvc - ok
08:02:33.0775 4000 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:02:33.0825 4000 Winmgmt - ok
08:02:33.0915 4000 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:02:33.0955 4000 WinRM - ok
08:02:34.0005 4000 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:02:34.0035 4000 Wlansvc - ok
08:02:34.0075 4000 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:02:34.0085 4000 wlcrasvc - ok
08:02:34.0185 4000 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:02:34.0255 4000 wlidsvc - ok
08:02:34.0295 4000 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:02:34.0295 4000 WmiAcpi - ok
08:02:34.0325 4000 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:02:34.0335 4000 wmiApSrv - ok
08:02:34.0355 4000 WMPNetworkSvc - ok
08:02:34.0375 4000 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:02:34.0375 4000 WPCSvc - ok
08:02:34.0395 4000 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:02:34.0395 4000 WPDBusEnum - ok
08:02:34.0415 4000 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:02:34.0415 4000 ws2ifsl - ok
08:02:34.0445 4000 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:02:34.0445 4000 wscsvc - ok
08:02:34.0455 4000 WSearch - ok
08:02:34.0535 4000 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:02:34.0595 4000 wuauserv - ok
08:02:34.0615 4000 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:02:34.0615 4000 WudfPf - ok
08:02:34.0635 4000 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:02:34.0635 4000 WUDFRd - ok
08:02:34.0655 4000 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:02:34.0655 4000 wudfsvc - ok
08:02:34.0695 4000 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:02:34.0695 4000 WwanSvc - ok
08:02:34.0775 4000 X6va009 - ok
08:02:34.0795 4000 ================ Scan global ===============================
08:02:34.0845 4000 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:02:34.0895 4000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
08:02:34.0915 4000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
08:02:34.0955 4000 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:02:34.0995 4000 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:02:35.0005 4000 [Global] - ok
08:02:35.0005 4000 ================ Scan MBR ==================================
08:02:35.0015 4000 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:02:35.0245 4000 \Device\Harddisk0\DR0 - ok
08:02:35.0245 4000 ================ Scan VBR ==================================
08:02:35.0245 4000 [ EE92899F8105F01385D586C4B75FA2BB ] \Device\Harddisk0\DR0\Partition1
08:02:35.0255 4000 \Device\Harddisk0\DR0\Partition1 - ok
08:02:35.0265 4000 [ 8329279D98749135057850B46EE9902B ] \Device\Harddisk0\DR0\Partition2
08:02:35.0265 4000 \Device\Harddisk0\DR0\Partition2 - ok
08:02:35.0265 4000 ============================================================
08:02:35.0265 4000 Scan finished
08:02:35.0265 4000 ============================================================
08:02:35.0285 4720 Detected object count: 0
08:02:35.0285 4720 Actual detected object count: 0
08:02:38.0465 2784 Deinitialize success
-
Norton removed. It says the tdds killer log keep saying it is too long to post. I'll cut into pieces and paste it in another post
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Mark at 7:37:11 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3797.2463 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Hawking\Common\RaRegistry.exe
C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Hawking\Common\HawkingWirelessUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HAWKIN~1.LNK - C:\Program Files (x86)\Hawking\Common\HawkingWirelessUtility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{317BB806-9030-44EE-8DC5-EA7165103967} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{317BB806-9030-44EE-8DC5-EA7165103967}\0484F6D65613834333 : DHCPNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
TCP: Interfaces\{317BB806-9030-44EE-8DC5-EA7165103967}\251697370286F6D6563747561646 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://www.bing.com/?pc=MAGW
x64-mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-20 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-20 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-6-5 17720]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1307010.005\symds64.sys [2012-5-18 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1307010.005\symefa64.sys [2012-5-18 1092728]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-24 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1307010.005\ccsetx64.sys [2012-5-18 167048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120202.002\IDSviA64.sys [2012-2-2 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1307010.005\ironx64.sys [2012-5-18 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys [2012-5-18 405624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-20 204288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-7 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Hawking\Common\RaRegistry.exe [2011-12-5 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe [2011-12-5 212256]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-5 87168]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-7-20 9371136]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-7-20 309760]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-5 188544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-20 231440]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-4-15 44624]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2011-12-5 1101600]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-7 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-6 135664]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-6 135664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-29 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-6 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-6-5 913792]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-14 06:42:30 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CE57F00-A2C8-4B4E-8220-A5FC2EA6A8C7}\offreg.dll
2012-10-14 06:05:48 -------- d-----w- C:\Program Files\CCleaner
2012-10-14 06:03:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-14 06:01:18 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 05:49:19 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-10-14 05:08:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-14 04:48:29 -------- d-----w- C:\Program Files\HitmanPro
2012-10-13 20:46:51 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9D97.tmp
2012-10-13 20:46:51 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9D96.tmp
2012-10-13 20:25:09 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CE57F00-A2C8-4B4E-8220-A5FC2EA6A8C7}\mpengine.dll
2012-10-12 09:54:34 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 09:30:35 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-12 09:30:35 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-12 09:30:35 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-12 06:46:17 -------- d-----w- C:\Users\Mark\AppData\Local\Deployment
2012-10-10 13:47:59 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-10-10 10:12:59 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD4BC360-24BD-489D-B1FD-FCF443124E78}\gapaengine.dll
2012-10-10 10:10:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-10 10:10:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-09 21:53:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\offreg.dll
2012-10-09 21:52:34 -------- d--h--w- C:\Users\Mark\AppData\Roaming\DCE93291
2012-10-09 21:30:53 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\mpengine.dll
2012-10-09 04:16:41 -------- d-----w- C:\Users\Mark\AppData\Roaming\OpenOffice.org
2012-10-09 04:14:25 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-10-02 04:12:01 -------- d-----w- C:\Program Files (x86)\SEGA
2012-10-01 09:26:35 -------- d-----w- C:\Users\Mark\AppData\Roaming\The Creative Assembly
2012-09-25 23:11:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-25 23:10:45 -------- d-----w- C:\Program Files\iPod
2012-09-25 23:10:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 23:10:44 -------- d-----w- C:\Program Files\iTunes
2012-09-25 23:10:44 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-25 23:10:07 -------- d-----w- C:\Users\Mark\AppData\Local\Apple
2012-09-25 23:09:48 -------- d-----w- C:\Program Files\Bonjour
2012-09-25 23:09:48 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-25 19:41:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-13 20:25:06 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-10-12 06:24:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 06:24:14 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-25 02:07:14 183152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-07 13:15:21 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-25 22:51:44 42440 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-07-23 20:59:14 24960 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 7:38:45.16 ===============
Malwarebytes Anti-Malware 1.65.0.1400
Database version: v2012.10.14.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark :: MARK-PC [administrator]
10/14/2012 7:25:06 AM
mbam-log-2012-10-14 (07-25-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212788
Time elapsed: 7 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
It looks like I have this ugly virus. I have tried everything I could find about it and can't get rid of it! Heeeelp.
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Mark at 1:39:18 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3797.2156 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Hawking\Common\RaRegistry.exe
C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Hawking\Common\HawkingWirelessUtility.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HAWKIN~1.LNK - C:\Program Files (x86)\Hawking\Common\HawkingWirelessUtility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{317BB806-9030-44EE-8DC5-EA7165103967} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{317BB806-9030-44EE-8DC5-EA7165103967}\0484F6D65613834333 : DHCPNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
TCP: Interfaces\{317BB806-9030-44EE-8DC5-EA7165103967}\251697370286F6D6563747561646 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://www.bing.com/?pc=MAGW
x64-mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-20 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-20 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-6-5 17720]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1307010.005\symds64.sys [2012-5-18 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1307010.005\symefa64.sys [2012-5-18 1092728]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-24 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1307010.005\ccsetx64.sys [2012-5-18 167048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120202.002\IDSviA64.sys [2012-2-2 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1307010.005\ironx64.sys [2012-5-18 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys [2012-5-18 405624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-20 204288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-7 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Hawking\Common\RaRegistry.exe [2011-12-5 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe [2011-12-5 212256]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-5 87168]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-7-20 9371136]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-7-20 309760]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-5 188544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-20 231440]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-4-15 44624]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2011-12-5 1101600]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-7 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-6 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-6 135664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-29 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-6 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-6-5 913792]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-14 06:22:19 20480 ----a-w- C:\Windows\svchost.exe
2012-10-14 06:05:48 -------- d-----w- C:\Program Files\CCleaner
2012-10-14 06:03:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-14 06:01:18 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 05:49:19 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-10-14 05:08:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-14 04:48:29 -------- d-----w- C:\Program Files\HitmanPro
2012-10-13 20:46:51 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9D97.tmp
2012-10-13 20:46:51 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9D96.tmp
2012-10-13 20:25:09 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CE57F00-A2C8-4B4E-8220-A5FC2EA6A8C7}\mpengine.dll
2012-10-12 09:54:34 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 09:30:35 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-12 09:30:35 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-12 09:30:35 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-12 06:46:17 -------- d-----w- C:\Users\Mark\AppData\Local\Deployment
2012-10-10 13:47:59 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-10-10 10:12:59 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD4BC360-24BD-489D-B1FD-FCF443124E78}\gapaengine.dll
2012-10-10 10:10:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-10 10:10:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-09 21:53:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\offreg.dll
2012-10-09 21:52:34 -------- d--h--w- C:\Users\Mark\AppData\Roaming\DCE93291
2012-10-09 21:30:53 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C06212F-B0AA-448C-8C6C-40B79A46E8AF}\mpengine.dll
2012-10-09 04:16:41 -------- d-----w- C:\Users\Mark\AppData\Roaming\OpenOffice.org
2012-10-09 04:14:25 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-10-02 04:12:01 -------- d-----w- C:\Program Files (x86)\SEGA
2012-10-01 09:26:35 -------- d-----w- C:\Users\Mark\AppData\Roaming\The Creative Assembly
2012-09-25 23:11:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-25 23:10:45 -------- d-----w- C:\Program Files\iPod
2012-09-25 23:10:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 23:10:44 -------- d-----w- C:\Program Files\iTunes
2012-09-25 23:10:44 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-25 23:10:07 -------- d-----w- C:\Users\Mark\AppData\Local\Apple
2012-09-25 23:09:48 -------- d-----w- C:\Program Files\Bonjour
2012-09-25 23:09:48 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-25 19:41:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-13 20:25:06 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-10-12 06:24:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 06:24:14 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-25 02:07:14 183152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-07 13:15:21 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-25 22:51:44 42440 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-07-23 20:59:14 24960 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:40:16.75 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2011 7:37:35 PM
System Uptime: 10/14/2012 1:30:37 AM (0 hours ago)
.
Motherboard: Gateway | | SX2370
Processor: AMD A6-3600 APU with Radeon HD Graphics | P0 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 672.7 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP143: 10/10/2012 12:47:36 PM - Windows Update
RP144: 10/11/2012 3:00:14 AM - Windows Update
RP145: 10/11/2012 9:24:29 AM - Windows Update
RP146: 10/12/2012 3:00:59 AM - Windows Update
RP147: 10/12/2012 4:30:06 AM - Windows Modules Installer
RP148: 10/13/2012 7:11:55 PM - Removed Java 6 Update 29
RP149: 10/13/2012 7:13:13 PM - Removed Java 6 Update 29
RP150: 10/13/2012 7:14:34 PM - Removed Java 6 Update 29
RP151: 10/13/2012 7:15:51 PM - Removed Java 6 Update 29
RP152: 10/13/2012 7:16:03 PM - Removed Java 6 Update 29
RP153: 10/13/2012 11:39:17 PM - Removed Java 6 Update 29
RP154: 10/14/2012 12:51:37 AM - Revo Uninstaller's restore point - Java 6 Update 29
RP155: 10/14/2012 12:52:07 AM - Removed Java 6 Update 29
RP156: 10/14/2012 12:59:45 AM - Installed Java 7 Update 7
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1) MUI
Advanced SystemCare 5
Advanced Tactical Center™ 1.12
Agatha Christie - Death on the Nile
Alcor Micro USB Card Reader
Amazon Kindle
AMD APP SDK Runtime
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AUPEO!
Bejeweled 2 Deluxe
Bonjour
Build-a-lot 4 - Power Source
C3
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chronicles of Albian
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Company of Heroes
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Cradle of Rome 2
Crysis Warhead
Crysis Wars
CyberLink MediaEspresso
CyberLink PowerDVD 10
D3DX10
DC Universe Online Live
Diskeeper 2011 Home
DivX Setup
Dora's World Adventure
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.16.00.803
Empire: Total War
ESET Online Scanner v3
Final Drive: Nitro
Galerie de photos Windows Live
GameSpy Comrade
Gateway Games
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Earth
Google Update Helper
Governor of Poker 2 Premium Edition
Hawking Hawking Technologies HWUN3 Wireless-N USB Adapter
HitmanPro 3.6
Hotkey Utility
Identity Card
iTunes
IZArc 4.1.7
Java 7 Update 7
Java Auto Updater
Jewel Match 3
Junk Mail filter update
Krater
LG USB Modem driver
Magic Online
Magic: The Gathering - Duels of the Planeswalkers 2013 Demo
Magic: The Gathering – Tactics
Malwarebytes Anti-Malware version 1.65.0.1400
MechWarrior Online
Medieval II: Total War
Medieval II: Total War Kingdoms
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Might & Magic ® Heroes ® VI
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTX
Mystery of Mortlake Mansion
Napoleon: Total War
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Internet Security
Norton Online Backup
OnLive
OpenOffice.org 3.4.1
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Rome: Total War Gold Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.10
SlimCleaner
SlimDrivers
Smart Defrag 2
Star Trek Online
Steam
System Requirements Lab CYRI
TeamSpeak 3 Client
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
Torchlight
Total War Battles: SHOGUN
Total War: SHOGUN 2
TripleA Version 1_3_2_2
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers 5 - New Believers
Warboard Guide to Medieval II Total War Demo
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer® 40,000®: Dawn of War® II – Retribution™
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XCOM: Enemy Unknown Demo
Xfire (remove only)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
19112182
10/8/2012 11:17:40 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
10/8/2012 11:17:40 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
10/14/2012 12:12:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/14/2012 12:12:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/14/2012 12:12:01 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/14/2012 12:12:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/14/2012 12:11:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
10/14/2012 12:10:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000022, 0x0000000000000002, 0x0000000000000000, 0xfffff80002f27927). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-65754-01.
10/13/2012 11:58:25 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\RAIHV.dll
10/13/2012 11:58:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
10/13/2012 11:58:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
10/13/2012 11:57:47 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The WajamUpdater service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Ralink Registry Writer service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Ralink Registry Writer 64 service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Norton Online Backup service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Live Updater Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The GREGService service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
10/13/2012 11:57:45 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/13/2012 11:57:45 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/13/2012 11:57:45 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/13/2012 11:57:45 PM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/13/2012 11:57:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/12/2012 3:02:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
10/12/2012 2:02:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005494bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101212-70122-01.
10/12/2012 1:59:28 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 1:59:26 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 1:58:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/12/2012 1:58:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/12/2012 1:58:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2012 1:58:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/12/2012 1:58:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SymNetS Wanarpv6
10/12/2012 1:58:27 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\RAIHV.dll Error Code: 21
10/12/2012 1:58:13 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 1:57:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031c46ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101212-50076-01.
10/12/2012 1:50:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031da6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101212-63710-01.
10/10/2012 9:08:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
10/10/2012 9:08:58 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
svchost.exe virus and browser redirects
in Resolved Malware Removal Logs
Posted
oh boy. That one is a bugger. Looks like I had or have the later version Aleurion. Thanks for all your help. If anything acts funny I'll have to reformat.