
Post Merged

We look for posts with 0 replies, so when you reply to your own topic, we assume you were being helped.

Please be patient, someone will assist you as soon as possible.

The past few days I've noticed that any time I'm connected to wireless, audio from ads plays. It's a bunch of audio from all kinds of ads and movie previews playing all at the same time. Often the same audio playing slightly off from each other. I downloaded Malwarebytes and HijackThis because I researched the topic on Google a little bit. I noticed each case like mine had their own solutions so I thought I'd play it safe and try to get my own solution.

Here is the log from Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Malicsi :: MALICSI-HP [administrator]

Protection: Enabled

7/13/2012 4:06:46 AM

mbam-log-2012-07-13 (03-50-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218351

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3672 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

I tried to run HijackThis but it says that my system denied write access to the host files. It gave me instructions but I'm not exactly sure what to do with them.

Also Malwarebytes keeps notifying me that it has blocked access to svchost.exe. I'm not sure what that is either.

Correction: anytime I'm connected to "wifi/internet," audio from ads plays.


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!)

Post back the report.

MrC


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/30/2012 10:53:47 AM

System Uptime: 7/14/2012 12:51:06 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 3583

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 989/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 286.186 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.593 GiB free.

E: is CDROM ()

F: is FIXED (FAT) - 0 GiB total, 0.087 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BHDrvx64

Device ID: ROOT\LEGACY_BHDRVX64\0000

Manufacturer:

Name: BHDrvx64

PNP Device ID: ROOT\LEGACY_BHDRVX64\0000

Service: BHDrvx64

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Symantec Iron Driver

Device ID: ROOT\LEGACY_SYMIRON\0000

Manufacturer:

Name: Symantec Iron Driver

PNP Device ID: ROOT\LEGACY_SYMIRON\0000

Service: SymIRON

.

==== System Restore Points ===================

.

RP316: 7/9/2012 9:26:54 AM - Windows Update

RP317: 7/9/2012 5:15:33 PM - Windows Update

RP318: 7/10/2012 3:00:20 AM - Windows Update

RP319: 7/10/2012 7:43:01 AM - Windows Update

RP320: 7/11/2012 3:00:17 AM - Windows Update

RP321: 7/11/2012 7:51:37 AM - Windows Update

RP322: 7/11/2012 5:15:39 PM - Windows Update

RP323: 7/12/2012 1:35:00 AM - Windows Update

RP324: 7/12/2012 1:43:24 AM - Windows Update

RP325: 7/12/2012 2:12:11 AM - Installed AVG 2012

RP326: 7/12/2012 2:12:52 AM - Installed AVG 2012

RP327: 7/12/2012 3:04:48 AM - Windows Update

RP328: 7/12/2012 3:09:23 AM - Windows Update

RP329: 7/12/2012 9:48:21 AM - Removed Evernote v. 4.2.2

RP330: 7/12/2012 12:51:41 PM - Removed Synaptics Gesture Suite featuring SYNAPTICS | Scrybe.

RP331: 7/12/2012 12:54:01 PM - Windows Update

RP332: 7/12/2012 5:12:51 PM - Windows Update

RP333: 7/13/2012 3:00:18 AM - Windows Update

RP334: 7/13/2012 3:29:43 AM - Removed AVG 2012

RP335: 7/13/2012 3:35:26 AM - Removed AVG 2012

RP336: 7/13/2012 3:40:43 AM - Installed HiJackThis

RP337: 7/13/2012 6:09:48 AM - Windows Update

RP338: 7/13/2012 5:20:16 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Bejeweled 2 Deluxe

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Blasterball 3

Bounce Symphony

Build-a-lot 2

Cake Mania

Catalyst Control Center InstallProxy

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CyberLink YouCam

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Energy Star Digital Logo

ESU for Microsoft Windows 7

Farm Frenzy

FATE - The Traitor Soul

Hewlett-Packard ACLM.NET v1.1.2.0

HiJackThis

HP Connection Manager

HP Customer Experience Enhancements

HP Documentation

HP Games

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP SimplePass 2011

HP Software Framework

HP Support Assistant

IDT Audio

Incredibar Toolbar on IE

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Wireless Display

Junk Mail filter update

Magic Desktop

Mah Jong Medley

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Stolen in San Francisco

Namco All-Stars PAC-MAN

Norton Internet Security

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

Renesas Electronics USB 3.0 Host Controller Driver

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype™ 5.9

Slingo Supreme

Synaptics Gesture Suite featuring SYNAPTICS | Scrybe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

uTorrentControl2 Toolbar

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

VLC media player 2.0.1

Wheel of Fortune 2

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip Driver Updater

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

7/7/2012 3:48:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

7/14/2012 12:51:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON

7/13/2012 5:20:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

7/13/2012 5:20:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).

7/13/2012 5:20:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

7/12/2012 3:04:14 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.

7/11/2012 5:01:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MALICSI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9150763-E22B-431E-BCE6-4B44BAF25B50}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Malicsi at 1:00:25 on 2012-07-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3478 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-netsvcs

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8ubcdc2o&i=26

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL

BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [<NO NAME>]

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F9150763-E22B-431E-BCE6-4B44BAF25B50} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F9150763-E22B-431E-BCE6-4B44BAF25B50}\5427C656E656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F9150763-E22B-431E-BCE6-4B44BAF25B50}\54E2A402D416C6963637962E08993702960586F6E656 : DhcpNameServer = 172.18.64.215 172.18.64.215

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO-X64: Incredibar.com Helper Object - No File

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [(Default)]

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - facebook.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5afa7270-21bd-453f-a893-c5235a78bcb6%7D&mid=75c3ace8c20347d0be18c15632fd24bf-2e9e459ab3d14f309204e6e90950dbe54f11dadf&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-12%2002%3A16%3A04&sap=ku&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ubcdc2o&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - aa4bd85b000000000000ac8112a63e5b

FF - user.js: extensions.incredibar_i.instlDay - 15487

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.145:45:56

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8ubcdc2o

FF - user.js: extensions.incredibar_i.upn2n - 92824432055419708

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10659

FF - user.js: extensions.incredibar_i.ppd - 105%5F5

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120214.003\IDSviA64.sys [2012-2-15 488568]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-31 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-3-30 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-24 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-31 2413056]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-2-11 130008]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-24 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-14 07:56:59 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6A98E79-41AC-461E-B480-4D270CE2AF33}\mpengine.dll

2012-07-13 10:55:19 20480 ----a-w- C:\Windows\svchost.exe

2012-07-13 10:41:00 388096 ----a-r- C:\Users\Malicsi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-13 10:41:00 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-12 17:03:35 -------- d-----w- C:\Users\Malicsi\AppData\Roaming\Malwarebytes

2012-07-12 17:03:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-12 17:03:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-12 17:03:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-12 09:12:39 -------- d-----w- C:\Program Files (x86)\AVG

2012-07-12 09:08:19 -------- d--h--w- C:\ProgramData\Common Files

2012-07-12 09:08:19 -------- d-----w- C:\ProgramData\MFAData

2012-07-11 10:05:07 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:44:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 09:44:11 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 09:44:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 09:44:10 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 09:44:10 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 09:44:10 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 09:43:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-07-11 09:43:45 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-11 09:43:45 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-11 09:43:45 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-11 09:43:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-11 09:43:45 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-11 09:43:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-11 09:43:45 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-11 09:43:45 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-07-02 09:31:17 -------- d-----w- C:\Users\Malicsi\AppData\Roaming\WinZip

2012-07-02 09:31:04 -------- d-----w- C:\Program Files (x86)\WinZip Driver Updater

2012-06-26 08:04:09 -------- d-----w- C:\Program Files (x86)\uTorrentControl2

2012-06-21 06:04:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 06:03:36 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 06:03:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 06:03:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-20 00:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-16 01:48:45 -------- d-----w- C:\Program Files\iTunes

2012-06-16 01:48:45 -------- d-----w- C:\Program Files\iPod

2012-06-16 01:48:45 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2012-07-12 09:06:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 09:06:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 1:03:00.74 ===============


Here's the roguekiller report as well

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Malicsi [Admin rights]

Mode: Scan -- Date: 07/14/2012 01:15:11

¤¤¤ Bad processes: 2 ¤¤¤

[sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSYN +++++

--- User ---

[MBR] 8a59394045cc4ca976a1f1af00e22a6f

[bSP] b7a045a90304235be8d14908f8d1bfba : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo

3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] f35a02c22aaa892441dc311bb5b92c47

[bSP] 76989679e9647d0ea33669aabc28aaaa : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo

3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] f35a02c22aaa892441dc311bb5b92c47

[bSP] 76989679e9647d0ea33669aabc28aaaa : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo

3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

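The MBR Check in the RogueKiller report above is a cross-view comparison: the same boot sector read three ways. As an added example (not part of the post and not RogueKiller's own code), this Python script parses that section, copied from the report, and shows which views disagree with `User` and whether the difference lies in the boot code or in the partition table. It assumes `LL1` and `LL2` are lower-level reads of the same sector and that `[BSP]` is the hash of the boot code; the function names are hypothetical.

```python
import re

# MBR Check section copied from the RogueKiller report in this thread
# (tags kept as they appear on the page, hence the case-insensitive patterns).
REPORT = """\
--- User ---
[MBR] 8a59394045cc4ca976a1f1af00e22a6f
[bSP] b7a045a90304235be8d14908f8d1bfba : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo
3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] f35a02c22aaa892441dc311bb5b92c47
[bSP] 76989679e9647d0ea33669aabc28aaaa : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo
3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] f35a02c22aaa892441dc311bb5b92c47
[bSP] 76989679e9647d0ea33669aabc28aaaa : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461974 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946534400 | Size: 14660 Mo
3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976558080 | Size: 104 Mo
"""

# Patterns and function names below are this example's own, not RogueKiller's.
VIEW_RE = re.compile(r"^--- (\w+) ---$")
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$", re.I)
BSP_RE = re.compile(r"^\[BSP\] ([0-9a-f]{32}) : (.+)$", re.I)
PART_RE = re.compile(
    r"^(\d) - \[(\w+)\] (\S+) \(0x([0-9a-f]{2})\) \[\w+\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$", re.I)


def parse_views(text):
    """Return {view name: {"mbr", "bsp", "label", "parts"}} in report order."""
    views, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VIEW_RE.match(line):
            current = views.setdefault(
                m.group(1), {"mbr": None, "bsp": None, "label": None, "parts": []})
        elif current is None:
            continue  # text before the first view header
        elif m := MBR_RE.match(line):
            current["mbr"] = m.group(1).lower()
        elif m := BSP_RE.match(line):
            current["bsp"], current["label"] = m.group(1).lower(), m.group(2)
        elif m := PART_RE.match(line):
            idx, flag, fs, ptype, offset, size = m.groups()
            current["parts"].append(
                (int(idx), flag, fs, int(ptype, 16), int(offset), int(size)))
    return views


def cross_view_diff(views, baseline="User"):
    """Compare every other view against the baseline read of the same sector."""
    base = views[baseline]
    findings = []
    for name, view in views.items():
        if name == baseline:
            continue
        findings.append({
            "view": name,
            "sector_differs": view["mbr"] != base["mbr"],
            "boot_code_differs": view["bsp"] != base["bsp"],
            "partitions_differ": view["parts"] != base["parts"],
            "label": view["label"],
        })
    return findings


def hidden_boot_code(findings):
    """True when some view shows different boot code over an unchanged partition table."""
    return any(f["boot_code_differs"] and not f["partitions_differ"] for f in findings)


if __name__ == "__main__":
    for finding in cross_view_diff(parse_views(REPORT)):
        print(finding)
```

On this report both `LL1` and `LL2` return the same sector, which differs from the `User` read only in its boot code; the partition table is identical in all three views.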

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

-------------------------------

Then......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


10:24:19.0821 5716 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

10:24:20.0229 5716 ============================================================

10:24:20.0229 5716 Current date / time: 2012/07/14 10:24:20.0229

10:24:20.0229 5716 SystemInfo:

10:24:20.0229 5716

10:24:20.0230 5716 OS Version: 6.1.7601 ServicePack: 1.0

10:24:20.0230 5716 Product type: Workstation

10:24:20.0230 5716 ComputerName: MALICSI-HP

10:24:20.0230 5716 UserName: Malicsi

10:24:20.0230 5716 Windows directory: C:\Windows

10:24:20.0230 5716 System windows directory: C:\Windows

10:24:20.0230 5716 Running under WOW64

10:24:20.0230 5716 Processor architecture: Intel x64

10:24:20.0230 5716 Number of processors: 4

10:24:20.0230 5716 Page size: 0x1000

10:24:20.0230 5716 Boot type: Normal boot

10:24:20.0230 5716 ============================================================

10:24:24.0611 5716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:24:24.0624 5716 ============================================================

10:24:24.0624 5716 \Device\Harddisk0\DR0:

10:24:24.0624 5716 MBR partitions:

10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x3864B000

10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x386AF800, BlocksNum 0x1CA2000

10:24:24.0624 5716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x3A351800, BlocksNum 0x34030

10:24:24.0624 5716 ============================================================

10:24:24.0651 5716 C: <-> \Device\Harddisk0\DR0\Partition1

10:24:24.0695 5716 D: <-> \Device\Harddisk0\DR0\Partition2

10:24:24.0706 5716 F: <-> \Device\Harddisk0\DR0\Partition3

10:24:24.0706 5716 ============================================================

10:24:24.0706 5716 Initialize success

10:24:24.0706 5716 ============================================================

10:24:47.0303 2464 ============================================================

10:24:47.0303 2464 Scan started

10:24:47.0303 2464 Mode: Manual; SigCheck; TDLFS;

10:24:47.0303 2464 ============================================================

10:24:49.0678 2464 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:24:49.0965 2464 1394ohci - ok

10:24:50.0321 2464 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys

10:24:50.0397 2464 Accelerometer - ok

10:24:50.0477 2464 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:24:50.0515 2464 ACPI - ok

10:24:51.0554 2464 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:24:51.0654 2464 AcpiPmi - ok

10:24:51.0820 2464 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:24:51.0842 2464 AdobeARMservice - ok

10:24:51.0995 2464 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:24:52.0030 2464 AdobeFlashPlayerUpdateSvc - ok

10:24:52.0098 2464 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:24:52.0143 2464 adp94xx - ok

10:24:52.0199 2464 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:24:52.0228 2464 adpahci - ok

10:24:52.0246 2464 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:24:52.0271 2464 adpu320 - ok

10:24:52.0372 2464 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:24:52.0838 2464 AeLookupSvc - ok

10:24:52.0960 2464 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

10:24:53.0056 2464 AESTFilters - ok

10:24:53.0191 2464 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:24:53.0295 2464 AFD - ok

10:24:53.0333 2464 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:24:53.0358 2464 agp440 - ok

10:24:53.0405 2464 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:24:53.0466 2464 ALG - ok

10:24:53.0529 2464 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:24:53.0553 2464 aliide - ok

10:24:53.0604 2464 ALSysIO - ok

10:24:53.0691 2464 AMD External Events Utility (951f9713ebb69866ea24e4e53d270a02) C:\Windows\system32\atiesrxx.exe

10:24:53.0761 2464 AMD External Events Utility - ok

10:24:53.0814 2464 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:24:53.0836 2464 amdide - ok

10:24:53.0859 2464 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:24:53.0963 2464 AmdK8 - ok

10:24:54.0922 2464 amdkmdag (c4a36b9afb5c993c0a750589bbeac845) C:\Windows\system32\DRIVERS\atikmdag.sys

10:24:55.0384 2464 amdkmdag - ok

10:24:55.0590 2464 amdkmdap (ee789ea97d06bec75fcd5e69bb69a93b) C:\Windows\system32\DRIVERS\atikmpag.sys

10:24:55.0649 2464 amdkmdap - ok

10:24:55.0685 2464 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:24:55.0796 2464 AmdPPM - ok

10:24:55.0836 2464 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:24:55.0868 2464 amdsata - ok

10:24:55.0893 2464 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:24:55.0932 2464 amdsbs - ok

10:24:55.0965 2464 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:24:55.0994 2464 amdxata - ok

10:24:56.0043 2464 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:24:56.0231 2464 AppID - ok

10:24:56.0270 2464 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:24:56.0358 2464 AppIDSvc - ok

10:24:56.0376 2464 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:24:56.0505 2464 Appinfo - ok

10:24:56.0655 2464 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:24:56.0685 2464 Apple Mobile Device - ok

10:24:56.0721 2464 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:24:56.0750 2464 arc - ok

10:24:56.0773 2464 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:24:56.0807 2464 arcsas - ok

10:24:56.0831 2464 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:24:56.0969 2464 AsyncMac - ok

10:24:57.0022 2464 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:24:57.0052 2464 atapi - ok

10:24:57.0168 2464 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:24:57.0309 2464 AudioEndpointBuilder - ok

10:24:57.0327 2464 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:24:57.0469 2464 AudioSrv - ok

10:24:57.0532 2464 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:24:57.0632 2464 AxInstSV - ok

10:24:57.0710 2464 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

10:24:57.0772 2464 b06bdrv - ok

10:24:57.0816 2464 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:24:57.0881 2464 b57nd60a - ok

10:24:58.0019 2464 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

10:24:58.0069 2464 BBSvc - ok

10:24:58.0457 2464 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys

10:24:58.0588 2464 BCM43XX - ok

10:24:58.0718 2464 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:24:58.0757 2464 BDESVC - ok

10:24:58.0935 2464 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:24:59.0056 2464 Beep - ok

10:24:59.0176 2464 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:24:59.0344 2464 BFE - ok

10:24:59.0617 2464 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys

10:24:59.0670 2464 BHDrvx64 - ok

10:24:59.0800 2464 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

10:24:59.0944 2464 BITS - ok

10:24:59.0985 2464 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

10:25:00.0008 2464 blbdrive - ok

10:25:00.0292 2464 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

10:25:00.0317 2464 Bonjour Service - ok

10:25:00.0402 2464 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:25:00.0493 2464 bowser - ok

10:25:00.0534 2464 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

10:25:00.0590 2464 BrFiltLo - ok

10:25:00.0597 2464 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

10:25:00.0630 2464 BrFiltUp - ok

10:25:00.0673 2464 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:25:00.0826 2464 Browser - ok

10:25:00.0876 2464 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:25:00.0955 2464 Brserid - ok

10:25:00.0964 2464 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:25:01.0011 2464 BrSerWdm - ok

10:25:01.0044 2464 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:25:01.0102 2464 BrUsbMdm - ok

10:25:01.0128 2464 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:25:01.0181 2464 BrUsbSer - ok

10:25:01.0207 2464 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

10:25:01.0249 2464 BTHMODEM - ok

10:25:01.0337 2464 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:25:01.0449 2464 bthserv - ok

10:25:01.0559 2464 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:25:01.0738 2464 cdfs - ok

10:25:01.0778 2464 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:25:01.0868 2464 cdrom - ok

10:25:01.0948 2464 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:25:02.0079 2464 CertPropSvc - ok

10:25:02.0154 2464 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

10:25:02.0213 2464 circlass - ok

10:25:02.0277 2464 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:25:02.0342 2464 CLFS - ok

10:25:02.0555 2464 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:25:02.0584 2464 clr_optimization_v2.0.50727_32 - ok

10:25:02.0790 2464 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:25:02.0822 2464 clr_optimization_v2.0.50727_64 - ok

10:25:02.0889 2464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:25:02.0978 2464 clr_optimization_v4.0.30319_32 - ok

10:25:03.0027 2464 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:25:03.0052 2464 clr_optimization_v4.0.30319_64 - ok

10:25:03.0186 2464 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

10:25:03.0215 2464 clwvd - ok

10:25:03.0233 2464 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

10:25:03.0287 2464 CmBatt - ok

10:25:03.0323 2464 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:25:03.0353 2464 cmdide - ok

10:25:03.0405 2464 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

10:25:03.0473 2464 CNG - ok

10:25:03.0498 2464 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

10:25:03.0520 2464 Compbatt - ok

10:25:03.0547 2464 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:25:03.0586 2464 CompositeBus - ok

10:25:03.0598 2464 COMSysApp - ok

10:25:03.0618 2464 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

10:25:03.0641 2464 crcdisk - ok

10:25:03.0692 2464 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

10:25:03.0752 2464 CryptSvc - ok

10:25:03.0809 2464 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:25:03.0923 2464 DcomLaunch - ok

10:25:04.0022 2464 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:25:04.0147 2464 defragsvc - ok

10:25:04.0205 2464 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:25:04.0311 2464 DfsC - ok

10:25:04.0370 2464 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:25:04.0511 2464 Dhcp - ok

10:25:04.0529 2464 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:25:04.0637 2464 discache - ok

10:25:04.0824 2464 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

10:25:04.0848 2464 Disk - ok

10:25:04.0895 2464 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:25:04.0954 2464 Dnscache - ok

10:25:05.0003 2464 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:25:05.0107 2464 dot3svc - ok

10:25:05.0223 2464 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:25:05.0328 2464 DPS - ok

10:25:05.0365 2464 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:25:05.0421 2464 drmkaud - ok

10:25:05.0500 2464 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:25:05.0562 2464 DXGKrnl - ok

10:25:05.0607 2464 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:25:05.0724 2464 EapHost - ok

10:25:06.0223 2464 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

10:25:06.0395 2464 ebdrv - ok

10:25:06.0585 2464 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

10:25:06.0620 2464 eeCtrl - ok

10:25:06.0784 2464 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:25:06.0841 2464 EFS - ok

10:25:06.0982 2464 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:25:07.0051 2464 ehRecvr - ok

10:25:07.0077 2464 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:25:07.0116 2464 ehSched - ok

10:25:07.0254 2464 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

10:25:07.0292 2464 elxstor - ok

10:25:07.0401 2464 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

10:25:07.0425 2464 EraserUtilRebootDrv - ok

10:25:14.0529 2464 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

10:25:14.0636 2464 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

10:25:14.0636 2464 IconMan_R - detected UnsignedFile.Multi.Generic (1)

10:25:14.0768 2464 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

10:25:14.0799 2464 IDriverT ( UnsignedFile.Multi.Generic ) - warning

10:25:14.0799 2464 IDriverT - detected UnsignedFile.Multi.Generic (1)


10:25:46.0857 2464 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS

10:25:46.0876 2464 SymIRON - ok

10:25:46.0907 2464 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS

10:25:46.0935 2464 SymNetS - ok

10:25:47.0069 2464 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

10:25:47.0133 2464 SynTP - ok

10:25:47.0350 2464 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:25:47.0451 2464 SysMain - ok

10:25:47.0593 2464 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:25:47.0632 2464 TabletInputService - ok

10:25:47.0671 2464 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:25:47.0771 2464 TapiSrv - ok

10:25:47.0784 2464 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:25:47.0860 2464 TBS - ok

10:25:48.0033 2464 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:25:48.0121 2464 Tcpip - ok

10:25:48.0364 2464 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:25:48.0472 2464 TCPIP6 - ok

10:25:48.0606 2464 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:25:48.0705 2464 tcpipreg - ok

10:25:48.0742 2464 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:25:48.0768 2464 TDPIPE - ok

10:25:48.0794 2464 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:25:48.0847 2464 TDTCP - ok

10:25:48.0895 2464 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:25:48.0985 2464 tdx - ok

10:25:49.0006 2464 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:25:49.0039 2464 TermDD - ok

10:25:49.0119 2464 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:25:49.0256 2464 TermService - ok

10:25:49.0279 2464 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:25:49.0327 2464 Themes - ok

10:25:49.0358 2464 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:25:49.0451 2464 THREADORDER - ok

10:25:49.0500 2464 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:25:49.0680 2464 TrkWks - ok

10:25:49.0737 2464 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:25:49.0863 2464 TrustedInstaller - ok

10:25:49.0905 2464 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:25:50.0019 2464 tssecsrv - ok

10:25:50.0058 2464 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:25:50.0086 2464 TsUsbFlt - ok

10:25:50.0107 2464 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

10:25:50.0135 2464 TsUsbGD - ok

10:25:50.0174 2464 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:25:50.0292 2464 tunnel - ok

10:25:50.0321 2464 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

10:25:50.0346 2464 uagp35 - ok

10:25:50.0381 2464 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:25:50.0491 2464 udfs - ok

10:25:50.0533 2464 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:25:50.0567 2464 UI0Detect - ok

10:25:50.0611 2464 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:25:50.0638 2464 uliagpkx - ok

10:25:50.0663 2464 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:25:50.0713 2464 umbus - ok

10:25:50.0720 2464 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

10:25:50.0757 2464 UmPass - ok

10:25:51.0214 2464 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

10:25:51.0347 2464 UNS - ok

10:25:51.0549 2464 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:25:51.0670 2464 upnphost - ok

10:25:51.0743 2464 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

10:25:51.0789 2464 USBAAPL64 - ok

10:25:51.0828 2464 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:25:51.0858 2464 usbccgp - ok

10:25:51.0903 2464 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:25:51.0940 2464 usbcir - ok

10:25:51.0963 2464 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:25:52.0011 2464 usbehci - ok

10:25:52.0068 2464 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:25:52.0121 2464 usbhub - ok

10:25:52.0165 2464 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:25:52.0217 2464 usbohci - ok

10:25:52.0251 2464 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

10:25:52.0305 2464 usbprint - ok

10:25:52.0336 2464 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:25:52.0385 2464 USBSTOR - ok

10:25:52.0406 2464 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:25:52.0448 2464 usbuhci - ok

10:25:52.0491 2464 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

10:25:52.0531 2464 usbvideo - ok

10:25:52.0561 2464 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:25:52.0673 2464 UxSms - ok

10:25:52.0730 2464 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:25:52.0757 2464 VaultSvc - ok

10:25:52.0794 2464 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:25:52.0818 2464 vdrvroot - ok

10:25:52.0873 2464 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:25:52.0994 2464 vds - ok

10:25:53.0016 2464 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:25:53.0051 2464 vga - ok

10:25:53.0067 2464 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:25:53.0170 2464 VgaSave - ok

10:25:53.0204 2464 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:25:53.0238 2464 vhdmp - ok

10:25:53.0266 2464 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:25:53.0291 2464 viaide - ok

10:25:53.0314 2464 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:25:53.0339 2464 volmgr - ok

10:25:53.0384 2464 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:25:53.0423 2464 volmgrx - ok

10:25:53.0446 2464 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:25:53.0483 2464 volsnap - ok

10:25:53.0521 2464 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

10:25:53.0553 2464 vsmraid - ok

10:25:53.0692 2464 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:25:53.0849 2464 VSS - ok

10:25:53.0975 2464 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:25:54.0025 2464 vwifibus - ok

10:25:54.0069 2464 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:25:54.0111 2464 vwififlt - ok

10:25:54.0145 2464 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

10:25:54.0214 2464 vwifimp - ok

10:25:54.0291 2464 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:25:54.0407 2464 W32Time - ok

10:25:54.0477 2464 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

10:25:54.0518 2464 WacomPen - ok

10:25:54.0560 2464 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:25:54.0678 2464 WANARP - ok

10:25:54.0695 2464 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:25:54.0788 2464 Wanarpv6 - ok

10:25:54.0966 2464 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:25:55.0050 2464 WatAdminSvc - ok

10:25:55.0177 2464 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:25:55.0277 2464 wbengine - ok

10:25:55.0418 2464 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:25:55.0467 2464 WbioSrvc - ok

10:25:55.0507 2464 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:25:55.0580 2464 wcncsvc - ok

10:25:55.0606 2464 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:25:55.0636 2464 WcsPlugInService - ok

10:25:55.0707 2464 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

10:25:55.0731 2464 Wd - ok

10:25:55.0794 2464 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:25:55.0846 2464 Wdf01000 - ok

10:25:55.0886 2464 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:25:55.0932 2464 WdiServiceHost - ok

10:25:55.0940 2464 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:25:55.0986 2464 WdiSystemHost - ok

10:25:56.0016 2464 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys

10:25:56.0036 2464 wdkmd - ok

10:25:56.0083 2464 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:25:56.0154 2464 WebClient - ok

10:25:56.0201 2464 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:25:56.0321 2464 Wecsvc - ok

10:25:56.0340 2464 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:25:56.0492 2464 wercplsupport - ok

10:25:56.0526 2464 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:25:56.0640 2464 WerSvc - ok

10:25:56.0680 2464 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:25:56.0770 2464 WfpLwf - ok

10:25:56.0788 2464 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:25:56.0812 2464 WIMMount - ok

10:25:56.0872 2464 WinDefend - ok

10:25:56.0885 2464 WinHttpAutoProxySvc - ok

10:25:56.0964 2464 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:25:57.0061 2464 Winmgmt - ok

10:25:57.0240 2464 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:25:57.0395 2464 WinRM - ok

10:25:57.0549 2464 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

10:25:57.0585 2464 WinUsb - ok

10:25:57.0674 2464 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:25:57.0765 2464 Wlansvc - ok

10:25:57.0882 2464 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:25:57.0904 2464 wlcrasvc - ok

10:25:58.0177 2464 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:25:58.0305 2464 wlidsvc - ok

10:25:58.0444 2464 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:25:58.0490 2464 WmiAcpi - ok

10:25:58.0563 2464 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:25:58.0608 2464 wmiApSrv - ok

10:25:58.0670 2464 WMPNetworkSvc - ok

10:25:58.0748 2464 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:25:58.0777 2464 WPCSvc - ok

10:25:58.0812 2464 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:25:58.0848 2464 WPDBusEnum - ok

10:25:58.0897 2464 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:25:58.0987 2464 ws2ifsl - ok

10:25:59.0009 2464 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

10:25:59.0064 2464 wscsvc - ok

10:25:59.0071 2464 WSearch - ok

10:25:59.0344 2464 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

10:25:59.0487 2464 wuauserv - ok

10:25:59.0597 2464 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:25:59.0704 2464 WudfPf - ok

10:25:59.0749 2464 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:25:59.0855 2464 WUDFRd - ok

10:25:59.0900 2464 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:25:59.0994 2464 wudfsvc - ok

10:26:00.0022 2464 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:26:00.0090 2464 WwanSvc - ok

10:26:00.0168 2464 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

10:26:00.0196 2464 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:26:00.0196 2464 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:26:00.0317 2464 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:26:00.0317 2464 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:26:00.0327 2464 Boot (0x1200) (c69de73856060d96bac4b6ddc7ef0ade) \Device\Harddisk0\DR0\Partition0

10:26:00.0330 2464 \Device\Harddisk0\DR0\Partition0 - ok

10:26:00.0342 2464 Boot (0x1200) (ca1327c9569cb15acfe41042872529c4) \Device\Harddisk0\DR0\Partition1

10:26:00.0345 2464 \Device\Harddisk0\DR0\Partition1 - ok

10:26:00.0379 2464 Boot (0x1200) (4255b0fbf01c79f5e7e34b30dca34921) \Device\Harddisk0\DR0\Partition2

10:26:00.0384 2464 \Device\Harddisk0\DR0\Partition2 - ok

10:26:00.0428 2464 Boot (0x1200) (812d7fb1d43f7d98ebb974db6273e61f) \Device\Harddisk0\DR0\Partition3

10:26:00.0430 2464 \Device\Harddisk0\DR0\Partition3 - ok

10:26:00.0436 2464 ============================================================

10:26:00.0437 2464 Scan finished

10:26:00.0437 2464 ============================================================

10:26:00.0463 4032 Detected object count: 4

10:26:00.0463 4032 Actual detected object count: 4

10:27:09.0792 4032 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

10:27:09.0792 4032 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:27:09.0796 4032 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

10:27:09.0796 4032 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:27:12.0044 4032 \Device\Harddisk0\DR0\# - copied to quarantine

10:27:12.0045 4032 \Device\Harddisk0\DR0 - copied to quarantine

10:27:12.0425 4032 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:27:12.0430 4032 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:27:12.0442 4032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:27:12.0454 4032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:27:12.0546 4032 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:27:12.0566 4032 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:27:12.0569 4032 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:27:12.0574 4032 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:27:12.0577 4032 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:27:12.0580 4032 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:27:12.0585 4032 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:27:12.0589 4032 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:27:12.0626 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:27:12.0656 4032 \Device\Harddisk0\DR0 - ok

10:27:13.0409 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:27:13.0429 4032 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:27:13.0434 4032 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:27:13.0441 4032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:27:13.0453 4032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:27:13.0468 4032 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:27:13.0486 4032 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:27:13.0489 4032 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:27:13.0493 4032 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:27:13.0498 4032 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:27:13.0503 4032 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:27:13.0508 4032 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:27:13.0513 4032 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:27:13.0513 4032 \Device\Harddisk0\DR0\TDLFS - deleted

10:27:13.0513 4032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

10:27:16.0939 5720 Deinitialize success


Next......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-14.01 - Malicsi 07/14/2012 11:54:41.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3746 [GMT -7:00]

Running from: c:\users\Malicsi\Desktop\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Incredibar.com

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

c:\programdata\Roaming

c:\windows\svchost.exe

c:\windows\SysWow64\C__Windows_system32_config_systemprofile_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_LFZ6Y0HK_CACAZOV4.HTM

.

.

((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))

.

.

2012-07-14 19:48 . 2012-07-14 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-14 17:20 . 2012-07-14 17:27 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-13 10:41 . 2012-07-13 10:41 388096 ----a-r- c:\users\Malicsi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-13 10:41 . 2012-07-13 10:41 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- c:\users\Malicsi\AppData\Roaming\Malwarebytes

2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-12 17:03 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 09:12 . 2012-07-12 09:12 -------- d-----w- c:\program files (x86)\AVG

2012-07-12 09:08 . 2012-07-13 10:50 -------- d-----w- c:\programdata\MFAData

2012-07-12 09:08 . 2012-07-12 09:08 -------- d--h--w- c:\programdata\Common Files

2012-07-11 10:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 10:00 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-07-11 09:44 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 09:44 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 09:44 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 09:44 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 09:44 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 09:44 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-07-11 09:43 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-11 09:43 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 09:43 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 09:43 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 09:43 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 09:43 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-11 09:43 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-11 09:43 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-11 09:43 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-07-02 09:31 . 2012-07-02 09:31 -------- d-----w- c:\users\Malicsi\AppData\Roaming\WinZip

2012-07-02 09:31 . 2012-07-02 09:31 -------- d-----w- c:\program files (x86)\WinZip Driver Updater

2012-06-26 08:04 . 2012-07-02 09:31 -------- d-----w- c:\program files (x86)\uTorrentControl2

2012-06-21 06:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 06:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 06:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 06:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 06:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 06:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 06:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 06:03 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 06:03 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 00:35 . 2012-06-20 00:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-16 01:48 . 2012-06-16 01:49 -------- d-----w- c:\program files\iTunes

2012-06-16 01:48 . 2012-06-16 01:49 -------- d-----w- c:\program files (x86)\iTunes

2012-06-16 01:48 . 2012-06-16 01:48 -------- d-----w- c:\program files\iPod

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 09:06 . 2012-04-05 06:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 09:06 . 2012-01-30 19:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 04:04 . 2012-07-14 07:56 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A98E79-41AC-461E-B480-4D270CE2AF33}\mpengine.dll

2012-05-01 05:40 . 2012-06-14 07:12 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 07:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 07:12 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 07:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 07:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 07:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 07:11 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 07:11 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 07:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 07:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 07:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-1-31 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-01-21 1157240]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [2011-01-27 171128]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-13 9259520]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-13 301568]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 138360]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [2011-03-15 912504]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120214.003\IDSvia64.sys [2012-01-29 488568]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [2011-04-21 386168]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-31 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-13 203776]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-31 2413056]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-31 338536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:06]

.

2012-07-12 c:\windows\Tasks\HPCeeScheduleForMalicsi.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-16 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-16 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-16 416024]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-31 1128448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8ubcdc2o&i=26

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Malicsi\AppData\Roaming\Mozilla\Firefox\Profiles\rb55nk9o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - facebook.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5afa7270-21bd-453f-a893-c5235a78bcb6%7D&mid=75c3ace8c20347d0be18c15632fd24bf-2e9e459ab3d14f309204e6e90950dbe54f11dadf&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-12%2002%3A16%3A04&sap=ku&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ubcdc2o&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - aa4bd85b000000000000ac8112a63e5b

FF - user.js: extensions.incredibar_i.instlDay - 15487

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.145:45

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8ubcdc2o

FF - user.js: extensions.incredibar_i.upn2n - 92824432055419708

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10659

FF - user.js: extensions.incredibar_i.ppd - 105%5F5

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:83,27,bb,ec,1e,4d,cd,01

.

[HKEY_USERS\S-1-5-21-282408895-3333434447-599352310-1001\Software\SecuROM\License information*]

"datasecu"=hex:2a,ba,fa,b3,48,96,5b,6c,ea,b3,e2,6b,a0,8b,f8,d4,e0,55,4c,76,e9,

f0,e0,11,f1,50,53,e4,29,59,2c,8e,99,e0,1c,35,3d,b4,fc,06,fb,d1,3b,4f,19,6d,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Internet Explorer\IELowutil.exe

.

**************************************************************************

.

Completion time: 2012-07-14 12:56:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-14 19:56

.

Pre-Run: 306,534,154,240 bytes free

Post-Run: 313,251,217,408 bytes free

.

- - End Of File - - 142362316A32208C6F3AF2B63EA4C14B

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Malicsi :: MALICSI-HP [administrator]

Protection: Enabled

7/14/2012 1:15:56 PM

mbam-log-2012-07-14 (13-15-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219374

Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

It's running perfectly! Thank you so much for the help!

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.