
BSOD and svchost.exe trojan agent



Hello zaylol and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall avast! Free Antivirus and keep Norton Internet Security only if you have a license for Norton Internet Security; if not, uninstall it and keep avast! Free Antivirus. Finally, reboot your PC.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

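The TDSSKiller report requested in Step 2 runs to several hundred driver and service entries, nearly all of them ending in "- ok", so the interesting lines are easy to miss when reading by hand. The following parser is an added example written for this page; it is not part of the original thread and not TDSSKiller's own code. It pairs each "name (md5) path" line with its "name - status" verdict line, then lists (a) anything whose verdict is not "ok" or that never received a verdict, (b) entries that carry no file hash at all (in the posted log, COMSysApp, msiserver, NAVENG and NAVEX15 appear only as a verdict line, so TDSSKiller recorded no binary for them), and (c) entries whose binary lives somewhere a scheduled service or driver normally should not. The sample log is constructed to mirror the format visible in the thread; the FakeSvc and Incomplete entries and the word "detected" are invented for illustration, since the page does not show how TDSSKiller words a hit. The path rule (outside C:\Windows, Program Files and ProgramData, or under a Temp or AppData directory) is this example's own triage heuristic, not a TDSSKiller feature.

```python
import re
from collections import Counter

# Entry line as it appears in the posted log: "<time> <pid> <name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# Verdict line: "<time> <pid> <name> - <status>"
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S.*)$"
)

# Heuristic, assumed for this example: locations where a legitimate service/driver binary usually lives.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",       # e.g. Norton definition drivers in the posted log
)
SUSPECT_FRAGMENTS = ("\\temp\\", "\\appdata\\")


def parse_tdsskiller_log(text):
    """Return a list of records {name, md5, path, status} for every scanned entry after 'Scan started'."""
    records = []
    awaiting_verdict = {}   # name -> index of the record still missing its status line
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            # Skip the SystemInfo / disk-layout header; 'Drive ... - Size:' would otherwise look like a verdict.
            in_scan = line.endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None}
            awaiting_verdict[rec["name"]] = len(records)
            records.append(rec)
            continue
        m = STATUS_RE.match(line)
        if m:
            name, status = m["name"], m["status"].strip().lower()
            idx = awaiting_verdict.pop(name, None)
            if idx is None:
                # Verdict with no preceding file line: TDSSKiller recorded no binary/hash for this entry.
                records.append({"name": name, "md5": None, "path": None, "status": status})
            else:
                records[idx]["status"] = status
    return records


def path_is_trusted(path):
    """Example heuristic: inside a standard program/OS tree and not under a Temp or AppData directory."""
    p = path.lower()
    return p.startswith(TRUSTED_PREFIXES) and not any(frag in p for frag in SUSPECT_FRAGMENTS)


def triage(records):
    """Split parsed records into the groups a reviewer wants to look at first."""
    return {
        "not_ok": [r for r in records if r["status"] != "ok"],          # hit, warning, or no verdict at all
        "unhashed": [r for r in records if r["md5"] is None],           # no file recorded; confirm elsewhere
        "review_paths": [r for r in records if r["path"] and not path_is_trusted(r["path"])],
        "counts": Counter(r["status"] or "no verdict" for r in records),
    }


# Constructed sample in the format of the log posted in this thread (FakeSvc/Incomplete/'detected' are invented).
SAMPLE_LOG = r"""14:36:35.0395 1684 ============================================================
14:36:35.0395 1684 Scan started
14:36:35.0395 1684 Mode: Manual; SigCheck; TDLFS;
14:36:35.0395 1684 ============================================================
14:36:36.0518 1684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:36:36.0596 1684 1394ohci - ok
14:36:37.0876 1684 AMD External Events Utility (ee048ef96ee7f7fdf1dce45c9ebbf19a) C:\Windows\system32\atiesrxx.exe
14:36:37.0938 1684 AMD External Events Utility - ok
14:36:43.0398 1684 COMSysApp - ok
14:36:51.0100 1684 FakeSvc (deadbeefdeadbeefdeadbeefdeadbeef) C:\Users\alex\AppData\Local\Temp\svchost.exe
14:36:51.0120 1684 FakeSvc - detected
14:36:51.0200 1684 Incomplete (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\missing.sys
"""

if __name__ == "__main__":
    result = triage(parse_tdsskiller_log(SAMPLE_LOG))
    print("verdict counts:", dict(result["counts"]))
    for group in ("not_ok", "unhashed", "review_paths"):
        for r in result[group]:
            print(f"[{group}] {r['name']}: status={r['status']} path={r['path']}")
```

Run it against the real file by reading "C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt" into `parse_tdsskiller_log` instead of `SAMPLE_LOG`. On the log posted above, every entry with a hash is "ok", so only the unhashed group (COMSysApp, msiserver, NAVENG, NAVEX15) would print; those are services for which no binary was hashed, not findings, and the posted log is cut off before any scan-results section, which is why the follow-up asks for the complete file.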

Thank you for the fast response! Here are the logs!

14:35:54.0040 1664 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

14:35:54.0305 1664 ============================================================

14:35:54.0305 1664 Current date / time: 2012/07/30 14:35:54.0305

14:35:54.0305 1664 SystemInfo:

14:35:54.0305 1664

14:35:54.0305 1664 OS Version: 6.1.7600 ServicePack: 0.0

14:35:54.0305 1664 Product type: Workstation

14:35:54.0305 1664 ComputerName: ALEX-PC

14:35:54.0305 1664 UserName: alex

14:35:54.0305 1664 Windows directory: C:\Windows

14:35:54.0305 1664 System windows directory: C:\Windows

14:35:54.0305 1664 Running under WOW64

14:35:54.0305 1664 Processor architecture: Intel x64

14:35:54.0305 1664 Number of processors: 2

14:35:54.0305 1664 Page size: 0x1000

14:35:54.0305 1664 Boot type: Safe boot with network

14:35:54.0305 1664 ============================================================

14:35:55.0896 1664 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040

14:35:55.0912 1664 ============================================================

14:35:55.0912 1664 \Device\Harddisk0\DR0:

14:35:55.0927 1664 MBR partitions:

14:35:55.0927 1664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:35:55.0927 1664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

14:35:55.0927 1664 ============================================================

14:35:55.0974 1664 C: <-> \Device\Harddisk0\DR0\Partition1

14:35:55.0974 1664 ============================================================

14:35:55.0974 1664 Initialize success

14:35:55.0974 1664 ============================================================

14:36:35.0395 1684 ============================================================

14:36:35.0395 1684 Scan started

14:36:35.0395 1684 Mode: Manual; SigCheck; TDLFS;

14:36:35.0395 1684 ============================================================

14:36:36.0518 1684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

14:36:36.0596 1684 1394ohci - ok

14:36:36.0659 1684 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

14:36:36.0674 1684 ACPI - ok

14:36:36.0706 1684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

14:36:36.0752 1684 AcpiPmi - ok

14:36:36.0908 1684 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

14:36:36.0908 1684 AdobeARMservice - ok

14:36:37.0064 1684 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:36:37.0096 1684 AdobeFlashPlayerUpdateSvc - ok

14:36:37.0158 1684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

14:36:37.0174 1684 adp94xx - ok

14:36:37.0236 1684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

14:36:37.0252 1684 adpahci - ok

14:36:37.0283 1684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

14:36:37.0298 1684 adpu320 - ok

14:36:37.0345 1684 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

14:36:37.0486 1684 AeLookupSvc - ok

14:36:37.0579 1684 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

14:36:37.0626 1684 AFD - ok

14:36:37.0688 1684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

14:36:37.0704 1684 agp440 - ok

14:36:37.0720 1684 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

14:36:37.0766 1684 ALG - ok

14:36:37.0782 1684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

14:36:37.0798 1684 aliide - ok

14:36:37.0876 1684 AMD External Events Utility (ee048ef96ee7f7fdf1dce45c9ebbf19a) C:\Windows\system32\atiesrxx.exe

14:36:37.0938 1684 AMD External Events Utility - ok

14:36:37.0954 1684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

14:36:37.0969 1684 amdide - ok

14:36:38.0000 1684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

14:36:38.0032 1684 AmdK8 - ok

14:36:38.0375 1684 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys

14:36:38.0531 1684 amdkmdag - ok

14:36:38.0765 1684 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys

14:36:38.0796 1684 amdkmdap - ok

14:36:38.0874 1684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

14:36:38.0905 1684 AmdPPM - ok

14:36:38.0936 1684 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

14:36:38.0952 1684 amdsata - ok

14:36:38.0983 1684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

14:36:38.0999 1684 amdsbs - ok

14:36:38.0999 1684 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

14:36:39.0014 1684 amdxata - ok

14:36:39.0046 1684 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

14:36:39.0124 1684 AppID - ok

14:36:39.0170 1684 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

14:36:39.0217 1684 AppIDSvc - ok

14:36:39.0248 1684 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

14:36:39.0280 1684 Appinfo - ok

14:36:39.0420 1684 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:36:39.0436 1684 Apple Mobile Device - ok

14:36:39.0482 1684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

14:36:39.0498 1684 arc - ok

14:36:39.0514 1684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

14:36:39.0529 1684 arcsas - ok

14:36:39.0560 1684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:36:39.0607 1684 AsyncMac - ok

14:36:39.0623 1684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

14:36:39.0638 1684 atapi - ok

14:36:39.0748 1684 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

14:36:39.0810 1684 AudioEndpointBuilder - ok

14:36:39.0810 1684 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

14:36:39.0841 1684 AudioSrv - ok

14:36:39.0888 1684 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

14:36:39.0950 1684 AxInstSV - ok

14:36:40.0028 1684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

14:36:40.0075 1684 b06bdrv - ok

14:36:40.0169 1684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:36:40.0200 1684 b57nd60a - ok

14:36:40.0278 1684 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

14:36:40.0309 1684 BDESVC - ok

14:36:40.0325 1684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:36:40.0372 1684 Beep - ok

14:36:40.0434 1684 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

14:36:40.0496 1684 BFE - ok

14:36:40.0730 1684 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys

14:36:40.0793 1684 BHDrvx64 - ok

14:36:41.0027 1684 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

14:36:41.0136 1684 BITS - ok

14:36:41.0261 1684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:36:41.0292 1684 blbdrive - ok

14:36:41.0448 1684 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

14:36:41.0464 1684 Bonjour Service - ok

14:36:41.0526 1684 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

14:36:41.0557 1684 bowser - ok

14:36:41.0588 1684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:36:41.0620 1684 BrFiltLo - ok

14:36:41.0635 1684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:36:41.0651 1684 BrFiltUp - ok

14:36:41.0729 1684 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

14:36:41.0760 1684 Browser - ok

14:36:41.0807 1684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:36:41.0854 1684 Brserid - ok

14:36:41.0885 1684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:36:41.0916 1684 BrSerWdm - ok

14:36:41.0932 1684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:36:41.0963 1684 BrUsbMdm - ok

14:36:41.0978 1684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:36:41.0994 1684 BrUsbSer - ok

14:36:42.0010 1684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

14:36:42.0025 1684 BTHMODEM - ok

14:36:42.0088 1684 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

14:36:42.0119 1684 bthserv - ok

14:36:42.0244 1684 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys

14:36:42.0259 1684 ccHP - ok

14:36:42.0275 1684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:36:42.0322 1684 cdfs - ok

14:36:42.0353 1684 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

14:36:42.0384 1684 cdrom - ok

14:36:42.0415 1684 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

14:36:42.0462 1684 CertPropSvc - ok

14:36:42.0493 1684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

14:36:42.0509 1684 circlass - ok

14:36:42.0602 1684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:36:42.0618 1684 CLFS - ok

14:36:42.0758 1684 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:36:42.0758 1684 clr_optimization_v2.0.50727_32 - ok

14:36:42.0883 1684 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:36:42.0899 1684 clr_optimization_v2.0.50727_64 - ok

14:36:43.0008 1684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:36:43.0039 1684 clr_optimization_v4.0.30319_32 - ok

14:36:43.0071 1684 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:36:43.0102 1684 clr_optimization_v4.0.30319_64 - ok

14:36:43.0117 1684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:36:43.0149 1684 CmBatt - ok

14:36:43.0195 1684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

14:36:43.0195 1684 cmdide - ok

14:36:43.0273 1684 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys

14:36:43.0320 1684 CNG - ok

14:36:43.0336 1684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

14:36:43.0336 1684 Compbatt - ok

14:36:43.0383 1684 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:36:43.0398 1684 CompositeBus - ok

14:36:43.0398 1684 COMSysApp - ok

14:36:43.0429 1684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

14:36:43.0429 1684 crcdisk - ok

14:36:43.0492 1684 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll

14:36:43.0539 1684 CryptSvc - ok

14:36:43.0617 1684 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

14:36:43.0663 1684 DcomLaunch - ok

14:36:43.0741 1684 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

14:36:43.0788 1684 defragsvc - ok

14:36:43.0835 1684 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

14:36:43.0866 1684 DfsC - ok

14:36:43.0913 1684 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

14:36:43.0991 1684 Dhcp - ok

14:36:44.0053 1684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:36:44.0100 1684 discache - ok

14:36:44.0131 1684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

14:36:44.0147 1684 Disk - ok

14:36:44.0178 1684 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

14:36:44.0194 1684 Dnscache - ok

14:36:44.0256 1684 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

14:36:44.0303 1684 dot3svc - ok

14:36:44.0319 1684 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

14:36:44.0365 1684 DPS - ok

14:36:44.0428 1684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:36:44.0443 1684 drmkaud - ok

14:36:44.0506 1684 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

14:36:44.0537 1684 DXGKrnl - ok

14:36:44.0599 1684 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

14:36:44.0646 1684 EapHost - ok

14:36:44.0833 1684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

14:36:44.0911 1684 ebdrv - ok

14:36:45.0036 1684 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

14:36:45.0052 1684 eeCtrl - ok

14:36:45.0223 1684 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

14:36:45.0255 1684 EFS - ok

14:36:45.0364 1684 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

14:36:45.0411 1684 ehRecvr - ok

14:36:45.0473 1684 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

14:36:45.0504 1684 ehSched - ok

14:36:45.0676 1684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

14:36:45.0691 1684 elxstor - ok

14:36:45.0707 1684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

14:36:45.0738 1684 ErrDev - ok

14:36:45.0816 1684 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

14:36:45.0863 1684 EventSystem - ok

14:36:45.0910 1684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:36:45.0957 1684 exfat - ok

14:36:45.0972 1684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:36:46.0003 1684 fastfat - ok

14:36:46.0081 1684 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

14:36:46.0128 1684 Fax - ok

14:36:46.0175 1684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

14:36:46.0206 1684 fdc - ok

14:36:46.0237 1684 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

14:36:46.0269 1684 fdPHost - ok

14:36:46.0284 1684 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

14:36:46.0315 1684 FDResPub - ok

14:36:46.0347 1684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:36:46.0362 1684 FileInfo - ok

14:36:46.0378 1684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:36:46.0393 1684 Filetrace - ok

14:36:46.0409 1684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

14:36:46.0425 1684 flpydisk - ok

14:36:46.0440 1684 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

14:36:46.0456 1684 FltMgr - ok

14:36:46.0534 1684 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll

14:36:46.0596 1684 FontCache - ok

14:36:46.0815 1684 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:36:46.0830 1684 FontCache3.0.0.0 - ok

14:36:46.0893 1684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:36:46.0908 1684 FsDepends - ok

14:36:46.0939 1684 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

14:36:46.0939 1684 Fs_Rec - ok

14:36:47.0002 1684 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:36:47.0017 1684 fvevol - ok

14:36:47.0064 1684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

14:36:47.0064 1684 gagp30kx - ok

14:36:47.0095 1684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:36:47.0095 1684 GEARAspiWDM - ok

14:36:47.0205 1684 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

14:36:47.0236 1684 gpsvc - ok

14:36:47.0376 1684 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:36:47.0376 1684 gupdate - ok

14:36:47.0392 1684 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:36:47.0392 1684 gupdatem - ok

14:36:47.0407 1684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:36:47.0439 1684 hcw85cir - ok

14:36:47.0485 1684 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:36:47.0517 1684 HDAudBus - ok

14:36:47.0517 1684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

14:36:47.0532 1684 HidBatt - ok

14:36:47.0548 1684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

14:36:47.0579 1684 HidBth - ok

14:36:47.0626 1684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

14:36:47.0641 1684 HidIr - ok

14:36:47.0719 1684 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

14:36:47.0751 1684 hidserv - ok

14:36:47.0813 1684 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

14:36:47.0829 1684 HidUsb - ok

14:36:47.0907 1684 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

14:36:47.0938 1684 hkmsvc - ok

14:36:47.0969 1684 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

14:36:48.0000 1684 HomeGroupListener - ok

14:36:48.0063 1684 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

14:36:48.0094 1684 HomeGroupProvider - ok

14:36:48.0125 1684 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

14:36:48.0141 1684 HpSAMD - ok

14:36:48.0219 1684 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

14:36:48.0265 1684 HTTP - ok

14:36:48.0281 1684 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

14:36:48.0297 1684 hwpolicy - ok

14:36:48.0328 1684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

14:36:48.0343 1684 i8042prt - ok

14:36:48.0406 1684 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

14:36:48.0421 1684 iaStorV - ok

14:36:48.0671 1684 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:36:48.0687 1684 idsvc - ok

14:36:48.0952 1684 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSvia64.sys

14:36:48.0967 1684 IDSVia64 - ok

14:36:49.0170 1684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

14:36:49.0186 1684 iirsp - ok

14:36:49.0279 1684 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

14:36:49.0342 1684 IKEEXT - ok

14:36:49.0357 1684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

14:36:49.0357 1684 intelide - ok

14:36:49.0404 1684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:36:49.0420 1684 intelppm - ok

14:36:49.0467 1684 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:36:49.0498 1684 IPBusEnum - ok

14:36:49.0529 1684 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:36:49.0560 1684 IpFilterDriver - ok

14:36:49.0623 1684 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

14:36:49.0654 1684 iphlpsvc - ok

14:36:49.0685 1684 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

14:36:49.0701 1684 IPMIDRV - ok

14:36:49.0732 1684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:36:49.0763 1684 IPNAT - ok

14:36:49.0966 1684 iPod Service (b7cb0b121962cd89f98c0dd89331b0c0) C:\Program Files\iPod\bin\iPodService.exe

14:36:49.0981 1684 iPod Service - ok

14:36:50.0013 1684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:36:50.0028 1684 IRENUM - ok

14:36:50.0044 1684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

14:36:50.0044 1684 isapnp - ok

14:36:50.0059 1684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

14:36:50.0075 1684 iScsiPrt - ok

14:36:50.0106 1684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:36:50.0122 1684 kbdclass - ok

14:36:50.0153 1684 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

14:36:50.0169 1684 kbdhid - ok

14:36:50.0184 1684 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

14:36:50.0184 1684 KeyIso - ok

14:36:50.0200 1684 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys

14:36:50.0215 1684 KSecDD - ok

14:36:50.0231 1684 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys

14:36:50.0247 1684 KSecPkg - ok

14:36:50.0247 1684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:36:50.0293 1684 ksthunk - ok

14:36:50.0356 1684 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:36:50.0403 1684 KtmRm - ok

14:36:50.0465 1684 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

14:36:50.0496 1684 LanmanServer - ok

14:36:50.0559 1684 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

14:36:50.0621 1684 LanmanWorkstation - ok

14:36:50.0652 1684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:36:50.0699 1684 lltdio - ok

14:36:50.0761 1684 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:36:50.0793 1684 lltdsvc - ok

14:36:50.0839 1684 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:36:50.0855 1684 lmhosts - ok

14:36:50.0902 1684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

14:36:50.0902 1684 LSI_FC - ok

14:36:50.0964 1684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

14:36:50.0980 1684 LSI_SAS - ok

14:36:50.0995 1684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:36:50.0995 1684 LSI_SAS2 - ok

14:36:51.0027 1684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:36:51.0027 1684 LSI_SCSI - ok

14:36:51.0042 1684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:36:51.0089 1684 luafv - ok

14:36:51.0105 1684 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

14:36:51.0120 1684 MBAMProtector - ok

14:36:51.0307 1684 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:36:51.0339 1684 MBAMService - ok

14:36:51.0385 1684 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

14:36:51.0417 1684 Mcx2Svc - ok

14:36:51.0432 1684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

14:36:51.0448 1684 megasas - ok

14:36:51.0479 1684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

14:36:51.0479 1684 MegaSR - ok

14:36:51.0557 1684 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:36:51.0588 1684 MMCSS - ok

14:36:51.0588 1684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:36:51.0635 1684 Modem - ok

14:36:51.0666 1684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:36:51.0682 1684 monitor - ok

14:37:11.0837 1684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:37:11.0884 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:37:11.0884 1684 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:37:11.0946 1684 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:37:11.0946 1684 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:37:11.0946 1684 Boot (0x1200) (96650bdb6ba864ea1aede6ee2036234a) \Device\Harddisk0\DR0\Partition0
14:37:11.0946 1684 \Device\Harddisk0\DR0\Partition0 - ok
14:37:11.0993 1684 Boot (0x1200) (d9a7fd2f7b5ca724898329e876af955d) \Device\Harddisk0\DR0\Partition1
14:37:11.0993 1684 \Device\Harddisk0\DR0\Partition1 - ok
14:37:11.0993 1684 ============================================================
14:37:11.0993 1684 Scan finished
14:37:11.0993 1684 ============================================================
14:37:11.0993 1700 Detected object count: 2
14:37:11.0993 1700 Actual detected object count: 2
14:38:05.0049 1700 \Device\Harddisk0\DR0\# - copied to quarantine
14:38:05.0049 1700 \Device\Harddisk0\DR0 - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:38:05.0095 1700 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:38:05.0111 1700 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:38:05.0127 1700 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:38:05.0158 1700 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:38:05.0173 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:38:05.0205 1700 \Device\Harddisk0\DR0 - ok
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:38:59.0040 1668 Deinitialize success

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.10

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
alex :: ALEX-PC [administrator]

7/30/2012 2:50:46 PM
mbam-log-2012-07-30 (14-50-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193015
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.0

Run by alex at 15:10:50 on 2012-07-30

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2445 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRunOnce: [spybotDeletingB9224] command.com /c del "C:\Windows\svchost.exe_old"

uRunOnce: [spybotDeletingD8855] cmd.exe /c del "C:\Windows\svchost.exe_old"

uRunOnce: [spybotDeletingB9693] command.com /c del "C:\Windows\svchost.exe_old"

uRunOnce: [spybotDeletingD8216] cmd.exe /c del "C:\Windows\svchost.exe_old"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce: [spybotDeletingA7510] command.com /c del "C:\Windows\svchost.exe_old"

mRunOnce: [spybotDeletingC5199] cmd.exe /c del "C:\Windows\svchost.exe_old"

mRunOnce: [spybotDeletingA5083] command.com /c del "C:\Windows\svchost.exe_old"

mRunOnce: [spybotDeletingC4557] cmd.exe /c del "C:\Windows\svchost.exe_old"

StartupFolder: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce-x64: [spybotDeletingA7510] command.com /c del "C:\Windows\svchost.exe_old"

mRunOnce-x64: [spybotDeletingC5199] cmd.exe /c del "C:\Windows\svchost.exe_old"

mRunOnce-x64: [spybotDeletingA5083] command.com /c del "C:\Windows\svchost.exe_old"

mRunOnce-x64: [spybotDeletingC4557] cmd.exe /c del "C:\Windows\svchost.exe_old"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc494d9c3-4575-492f-a3fc-410b8d48ed66%7D&mid=80d92f78c6a647d0bcbc41b2e0095930-c85fc113044bd8c366b4bf06810b10f7f3da2474&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-07-18%2001%3A54%3A00&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\components\dtTransparency.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-11 1161376]

S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSviA64.sys [2012-7-23 509088]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]

S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-7-22 126400]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-24 250056]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-30 18:38:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-30 01:30:30 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-07-30 00:35:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-07-30 00:35:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-29 01:52:12 -------- d-----w- C:\$WINDOWS.~LS

2012-07-29 01:51:19 -------- d-----w- C:\$UPGRADE.~OS

2012-07-22 04:56:41 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtsp64.sys

2012-07-22 04:56:41 451704 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys

2012-07-22 04:56:41 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys

2012-07-22 04:56:41 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtspx64.sys

2012-07-22 04:56:41 221304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys

2012-07-22 04:56:40 593544 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys

2012-07-22 04:56:40 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys

2012-07-22 04:55:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1109000.00C

2012-07-19 01:17:55 -------- d-----w- C:\Users\alex\AppData\Local\CrashDumps

2012-07-18 21:50:59 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2012-07-18 21:50:56 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2012-07-18 21:46:21 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-18 21:27:47 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2012-07-18 21:27:46 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2012-07-18 20:52:37 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-07-18 20:52:36 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-07-18 20:52:36 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-07-18 20:52:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-07-18 20:52:36 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-07-18 20:52:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-07-18 20:52:35 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-07-18 20:47:10 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2012-07-18 20:41:57 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2012-07-18 20:40:06 552960 ----a-w- C:\Windows\System32\msdri.dll

2012-07-18 20:38:57 84992 ----a-w- C:\Windows\System32\asycfilt.dll

2012-07-18 20:37:45 2228224 ----a-w- C:\Windows\System32\mssrch.dll

2012-07-18 20:36:53 2870272 ----a-w- C:\Windows\explorer.exe

2012-07-18 20:35:51 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2012-07-18 20:34:57 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys

2012-07-18 20:33:59 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2012-07-18 20:32:58 640896 ----a-w- C:\Windows\System32\winload.efi

2012-07-18 20:18:39 -------- d-----w- C:\Windows\Panther

2012-07-18 20:14:02 77312 ----a-w- C:\Windows\System32\packager.dll

2012-07-18 20:14:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-07-18 20:08:33 -------- d--h--w- C:\$WINDOWS.~Q

2012-07-18 20:02:15 -------- d--h--w- C:\$INPLACE.~TR

2012-07-18 18:15:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-07-18 18:13:13 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-07-18 18:13:05 -------- d-----w- C:\Program Files\Symantec

2012-07-18 18:13:05 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-07-18 18:10:55 -------- d-----w- C:\Windows\System32\drivers\NISx64

2012-07-18 18:10:52 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2012-07-18 18:10:51 -------- d-----w- C:\ProgramData\Norton

2012-07-18 18:10:07 -------- d-----w- C:\ProgramData\NortonInstaller

2012-07-18 18:10:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-07-18 17:25:15 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2012-07-18 17:25:15 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2012-07-18 17:25:15 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2012-07-18 17:25:15 444752 ----a-w- C:\Windows\System32\mscoree.dll

2012-07-18 17:25:15 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2012-07-18 17:25:15 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2012-07-18 17:25:15 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2012-07-18 17:25:15 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2012-07-18 17:25:15 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2012-07-18 17:25:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-07-18 17:16:29 139264 ----a-w- C:\Windows\System32\cabview.dll

2012-07-18 17:16:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2012-07-18 17:16:27 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-07-18 17:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-07-18 17:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-07-18 17:12:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-18 17:04:54 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-18 17:04:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-18 17:04:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-18 16:23:39 -------- d-----w- C:\Program Files\Realtek

2012-07-18 16:23:34 0 ----a-w- C:\Windows\ativpsrm.bin

2012-07-18 07:09:40 -------- d-----w- C:\Users\alex\AppData\Local\uTorrent

2012-07-18 05:55:33 -------- d-----w- C:\Users\alex\AppData\Roaming\AVG2012

2012-07-18 05:51:35 -------- d-----w- C:\ProgramData\AVG2012

2012-07-18 05:49:59 -------- d-----w- C:\Program Files (x86)\AVG

2012-07-18 05:42:15 -------- d--h--w- C:\ProgramData\Common Files

2012-07-18 05:41:44 -------- d-----w- C:\ProgramData\MFAData

2012-07-14 21:10:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-13 03:24:25 -------- d-----w- C:\Users\alex\AppData\Roaming\Malwarebytes

2012-07-13 03:23:59 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-13 03:23:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-13 03:23:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-11 07:02:28 2311680 ------w- C:\Windows\System32\jscript9.dll

2012-07-11 07:02:27 1800192 ------w- C:\Windows\SysWow64\jscript9.dll

2012-07-11 00:58:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{436673BF-C065-4016-BC46-1A05C39D19F8}\mpengine.dll

2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2012-07-12 03:13:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 03:13:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-24 17:39:06 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-24 17:39:06 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

.

============= FINISH: 15:12:29.10 ===============


Please re-run TDSSKiller, but this time use the Delete option for this entry:

14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:38:05.0251 1700 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Next:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-30.01 - alex 07/30/2012 18:06:53.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1520 [GMT -4:00]

Running from: c:\users\alex\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\searchplugins\bing-zugo.xml

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\@

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\L\00000004.@

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\L\201d3dde

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\00000004.@

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\000000cb.@

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trz1170.tmp

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzA0AB.tmp

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzA2AF.tmp

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzD32F.tmp

c:\windows\Installer\{57a22c58-5554-62a7-7cbe-7e74f84b2839}\U\trzFCF3.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

.

.

2012-07-30 22:12 . 2012-07-30 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-30 18:38 . 2012-07-30 21:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-30 01:30 . 2012-07-30 01:30 -------- d-----w- c:\programdata\Kaspersky Lab

2012-07-30 00:35 . 2012-07-30 06:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-30 00:35 . 2012-07-30 06:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-29 01:52 . 2012-07-29 01:52 -------- d-----w- C:\$WINDOWS.~LS

2012-07-29 01:51 . 2012-07-29 02:05 -------- d-----w- C:\$UPGRADE.~OS

2012-07-18 21:50 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-07-18 21:50 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-07-18 21:46 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 21:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-07-18 21:27 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-07-18 21:02 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 20:52 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-18 20:52 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-07-18 20:52 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-18 20:52 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-07-18 20:52 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-07-18 20:52 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-18 20:52 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-07-18 20:47 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-07-18 20:41 . 2010-06-26 05:31 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll

2012-07-18 20:40 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll

2012-07-18 20:38 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll

2012-07-18 20:37 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll

2012-07-18 20:36 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2012-07-18 20:35 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccu32.dll

2012-07-18 20:34 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys

2012-07-18 20:33 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2012-07-18 20:32 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi

2012-07-18 20:18 . 2012-07-18 17:24 -------- d-----w- c:\windows\Panther

2012-07-18 20:14 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-07-18 20:14 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-07-18 20:08 . 2012-07-29 03:15 -------- d-----w- C:\$WINDOWS.~Q

2012-07-18 20:02 . 2012-07-29 03:15 -------- d-----w- C:\$INPLACE.~TR

2012-07-18 18:15 . 2012-07-29 03:15 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-07-18 18:13 . 2012-07-18 18:13 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-07-18 18:13 . 2012-07-29 03:15 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-07-18 18:13 . 2012-07-18 18:13 -------- d-----w- c:\program files\Symantec

2012-07-18 18:10 . 2012-07-29 03:15 -------- d-----w- c:\windows\system32\drivers\NISx64

2012-07-18 18:10 . 2012-07-29 03:15 -------- d-----w- c:\program files (x86)\Norton Internet Security

2012-07-18 18:10 . 2012-07-29 03:15 -------- d-----w- c:\programdata\Norton

2012-07-18 18:10 . 2012-07-18 18:10 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-07-18 17:27 . 2012-07-18 17:27 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-07-18 17:25 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-07-18 17:25 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-07-18 17:25 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-07-18 17:25 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-07-18 17:25 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-07-18 17:25 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-07-18 17:25 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-07-18 17:25 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-07-18 17:25 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-07-18 17:25 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-07-18 17:16 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-07-18 17:16 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-07-18 17:16 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-18 17:16 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-07-18 17:16 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-18 17:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-18 17:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-18 17:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-18 17:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-18 17:04 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-18 17:04 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-18 17:04 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-18 17:04 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-18 17:04 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-18 16:24 . 2012-07-29 05:10 -------- d-----w- c:\users\alex

2012-07-18 16:23 . 2012-07-18 16:23 -------- d-----w- c:\program files\Realtek

2012-07-18 16:23 . 2012-07-18 16:23 0 ----a-w- c:\windows\ativpsrm.bin

2012-07-18 05:51 . 2012-07-18 16:31 -------- d-----w- c:\programdata\AVG2012

2012-07-18 05:49 . 2012-07-18 16:26 -------- d-----w- c:\program files (x86)\AVG

2012-07-18 05:42 . 2012-07-18 16:31 -------- d--h--w- c:\programdata\Common Files

2012-07-18 05:41 . 2012-07-18 16:31 -------- d-----w- c:\programdata\MFAData

2012-07-14 21:10 . 2012-07-18 16:35 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-13 03:23 . 2012-07-18 16:31 -------- d-----w- c:\programdata\Malwarebytes

2012-07-13 03:23 . 2012-07-29 03:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-13 03:23 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 07:02 . 2012-06-02 12:12 2311680 ------w- c:\windows\system32\jscript9.dll

2012-07-11 07:02 . 2012-06-02 08:33 1800192 ------w- c:\windows\SysWow64\jscript9.dll

2012-07-11 00:58 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{436673BF-C065-4016-BC46-1A05C39D19F8}\mpengine.dll

2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 03:13 . 2012-05-24 17:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 03:13 . 2011-09-08 00:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 16:21 . 2011-01-16 03:30 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-24 17:39 . 2012-05-24 17:39 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-24 17:39 . 2010-12-20 22:09 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-30 210216]

.

c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-1-11 0]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-6-23 510464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-08-30 433200]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120722.001\IDSvia64.sys [2012-07-18 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 203264]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 7451648]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 268288]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswFsBlk

*Deregistered* - aswMonFlt

*Deregistered* - aswRdr

*Deregistered* - aswSnx

*Deregistered* - aswSP

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 03:13]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:00]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{C586CC9B-EA3B-4DFF-8586-CAC24E85BA53}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\k15n400i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc494d9c3-4575-492f-a3fc-410b8d48ed66%7D&mid=80d92f78c6a647d0bcbc41b2e0095930-c85fc113044bd8c366b4bf06810b10f7f3da2474&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-07-18%2001%3A54%3A00&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2012-07-30 18:22:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-30 22:22

.

Pre-Run: 254,327,181,312 bytes free

Post-Run: 256,748,392,448 bytes free

.

- - End Of File - - 59135C4BB4EA48AB97A07B35894DB6EF

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
