Svchost.exe won't go away


After installing and running Malwarebytes, it continues to find C:\Windows\svchost.exe, block it, and quarantine it up to 6 times a minute. Nothing I have tried can find the source. Hope you can help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2

Run by Hellfire at 18:55:36 on 2013-02-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.3613 [GMT -8:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

D:\Steam\steam.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Users\Hellfire\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe

C:\Users\Hellfire\AppData\Local\Apps\2.0\Y27T3LBL.80L\B5J8MRKC.G0E\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\CurseClient.exe

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\java.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://us.blizzard.com/en-us/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coieplg.dll

uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

uRun: [steam] "D:\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Diagnostics] rundll32 "C:\Users\Hellfire\AppData\Local\Stronghold_LLC\Diagnostics\wcmqvjrqy.dll",DllRegisterServerW

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

StartupFolder: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Hellfire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hellfire\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Hellfire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MINECR~1.LNK - C:\Users\Hellfire\AppData\Roaming\.minecraft\Multiplayer\Server.bat

StartupFolder: C:\Users\Hellfire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PS3MED~1.LNK - C:\Program Files (x86)\PS3 Media Server\PMS.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{7076D7A2-2FFA-4CD9-ABA6-6FD5AD8A59B4} : DHCPNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

AppInit_DLLs= c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\

FF - prefs.js: browser.startup.homepage - hxxp://us.blizzard.com/en-us/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-01-31 09:43; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn

FF - ExtSQL: 2013-01-31 17:08; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn

FF - ExtSQL: 2013-01-31 22:19; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403000.024\symds64.sys [2013-2-26 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403000.024\symefa64.sys [2013-2-26 1139800]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-26 39768]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-13 1388120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403000.024\ccsetx64.sys [2013-2-26 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSviA64.sys [2013-2-28 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403000.024\ironx64.sys [2013-2-26 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys [2013-2-26 432800]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-11-5 65536]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-27 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-27 682344]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe [2013-2-26 144520]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-26 968880]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-5 138912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-27 24176]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-5 239616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-5 1255736]

.

=============== Created Last 30 ================

.

2013-02-28 22:14:21 -------- d-----w- C:\Program Files (x86)\Seagate

2013-02-28 22:13:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-02-28 00:46:20 -------- d-----w- C:\Users\Hellfire\AppData\Local\Avg2013

2013-02-28 00:46:19 -------- d-----w- C:\Users\Hellfire\AppData\Local\MFAData

2013-02-28 00:46:19 -------- d-----w- C:\ProgramData\MFAData

2013-02-27 19:56:28 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 19:56:15 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-27 19:56:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-27 19:56:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-27 11:21:23 -------- d-----w- C:\Users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:02:26 -------- d-----w- C:\Users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-27 03:01:56 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-02-27 03:01:53 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2013-02-27 03:01:32 -------- d--h--w- C:\ProgramData\Common Files

2013-02-27 03:01:29 127384 ----a-w- C:\Windows\System32\drivers\scdemu.sys

2013-02-27 03:01:29 -------- d-----w- C:\Program Files (x86)\PowerISO

2013-02-27 01:33:49 796248 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\srtsp64.sys

2013-02-27 01:33:49 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\symds64.sys

2013-02-27 01:33:49 432800 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\symnets.sys

2013-02-27 01:33:49 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\srtspx64.sys

2013-02-27 01:33:49 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403000.024\symelam.sys

2013-02-27 01:33:49 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\ironx64.sys

2013-02-27 01:33:49 168096 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\ccsetx64.sys

2013-02-27 01:33:49 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1403000.024\symefa64.sys

2013-02-27 01:33:39 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403000.024

2013-02-26 22:50:13 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3C07.tmp

2013-02-26 22:50:13 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3C06.tmp

2013-02-15 06:14:41 -------- d-----w- C:\Program Files (x86)\The Promised Land

2013-02-15 05:20:52 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-15 05:13:25 -------- d-----w- C:\Users\Hellfire\AppData\Local\Programs

2013-02-14 21:41:40 -------- d-----w- C:\ProgramData\Big Fish Games

2013-02-14 21:18:07 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 20:54:17 -------- d-----w- C:\Windows\The Promised Land

2013-02-13 11:01:31 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 11:01:31 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 09:28:27 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 09:28:27 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 09:28:26 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 09:28:23 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 09:28:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 09:28:21 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 09:28:21 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 09:28:21 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 09:28:21 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 09:28:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 09:28:19 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 09:28:19 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-11 04:53:27 -------- d-----w- C:\ProgramData\Belkin

2013-02-10 06:49:09 -------- d-----w- C:\Users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-10 06:41:04 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade

2013-02-05 08:13:28 -------- d-----w- C:\Users\Hellfire\AppData\Local\TERA

2013-02-03 23:28:00 43680 ----a-r- C:\Windows\System32\drivers\SymIMV.sys

2013-02-02 11:18:49 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-01 06:28:57 -------- d-----w- C:\Users\Hellfire\dwhelper

2013-02-01 01:22:52 -------- d-----w- C:\Users\Hellfire\AppData\Local\Macromedia

2013-02-01 01:17:54 -------- d-----w- C:\Users\Hellfire\AppData\Local\Mozilla

2013-02-01 01:17:42 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-02-01 00:41:32 -------- d-----w- C:\Windows\SysWow64\Adobe

2013-02-01 00:25:50 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-01 00:25:50 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-21 22:18:30 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-12-21 22:18:30 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-12-21 21:30:08 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-19 23:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe

2012-12-19 23:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-12-19 23:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-12-19 23:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-12-19 23:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-12-19 23:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll

2012-12-19 23:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-12-19 23:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-12-19 23:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll

2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll

2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll

2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe

2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll

.

============= FINISH: 18:56:24.49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/5/2012 9:02:24 PM

System Uptime: 2/28/2013 5:37:01 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 1366 | 1596/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 49 GiB total, 10.996 GiB free.

D: is FIXED (NTFS) - 195 GiB total, 39.928 GiB free.

E: is FIXED (NTFS) - 454 GiB total, 84.93 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP119: 2/28/2013 3:01:26 AM - Scheduled Checkpoint

RP120: 2/28/2013 2:13:59 PM - Installed SeaTools for Windows

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.6

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Assassin's Creed ® III

Belkin Setup and Router Monitor

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDisplayEx 1.8

Combined Community Codec Pack 2011-11-11

Curse Client

Diablo III

Dragon Nest

Dropbox

Far Cry 2

Far Cry 3

Freelancer

Gigabyte Raid Cinfigurer

Gnumeric Spreadsheet 1.10.16-20110616

Java 7 Update 9

Java 7 Update 9 (64-bit)

Java Auto Updater

Legend of Grimrock

Malwarebytes Anti-Malware version 1.70.0.1100

Mass Effect

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Game Studios Common Redistributables Pack 1

Microsoft Office Excel Viewer

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 18.0.2 (x86 en-US)

Mozilla Maintenance Service

NEC Electronics USB 3.0 Host Controller Driver

Norton Internet Security

Path of Exile

PowerISO

PS3 Media Server

PunkBuster Services

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype™ 6.1

Star Trek Online

Steam

Strike Suit Zero

Supreme Commander 2

swMSM

TERA

Terraria

The Promised Land

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplay

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.4

Warhammer 40000 - Space Marine

WinRAR 4.20 (64-bit)

World of Warcraft

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

2/28/2013 5:26:06 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/28/2013 5:26:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/28/2013 5:26:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/28/2013 12:42:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

2/28/2013 11:08:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fef800a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ea9e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022813-30576-01.

2/27/2013 7:16:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

2/27/2013 7:16:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

2/27/2013 7:15:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/27/2013 7:15:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

2/27/2013 5:02:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e5926b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022713-47970-01.

2/27/2013 1:31:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

2/27/2013 1:31:13 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

2/26/2013 3:02:56 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

2/26/2013 3:02:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

2/26/2013 3:02:44 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/26/2013 3:01:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

2/26/2013 3:01:50 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

2/26/2013 3:01:34 PM, Error: SRTSP [4] - Error loading virus definitions.

2/26/2013 2:58:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/26/2013 2:57:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/26/2013 2:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/26/2013 2:55:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/26/2013 2:55:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/26/2013 2:55:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eb926b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-30685-01.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr SRTSP SRTSPX SymIM SymIRON SymNetS tdx Wanarpv6 WfpLwf

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 2:55:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/26/2013 1:38:27 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Haven\Hellfire SID (S-1-5-21-1126144918-1096871225-3139060307-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/25/2013 4:56:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MUNCHKINS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7076D7A2-2FFA-4CD9-ABA6-6FD5AD8A59B4}. The master browser is stopping or an election is being forced.

2/22/2013 7:20:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KATZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7076D7A2-2FFA-4CD9-ABA6-6FD5AD8A59B4}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013

Ran by SYSTEM at 28-02-2013 22:24:24

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)

HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-09-25] (NEC Electronics Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1885088 2012-02-23] (Affinegy, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [337432 2013-01-27] (Power Software Ltd)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]

HKU\Hellfire\...\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [x]

HKU\Hellfire\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [6595928 2012-05-25] (Yahoo! Inc.)

HKU\Hellfire\...\Run: [steam] "D:\Steam\Steam.exe" -silent [x]

HKU\Hellfire\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)

HKU\Hellfire\...\Run: [Diagnostics] rundll32 "C:\Users\Hellfire\AppData\Local\Stronghold_LLC\Diagnostics\wcmqvjrqy.dll",DllRegisterServerW [638976 2013-02-18] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft Server.lnk

ShortcutTarget: Minecraft Server.lnk -> C:\Users\Hellfire\AppData\Roaming\.minecraft\Multiplayer\Server.bat ()

Startup: C:\Users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PS3 Media Server.lnk

ShortcutTarget: PS3 Media Server.lnk -> C:\Program Files (x86)\PS3 Media Server\PMS.exe (PS3 Media Server)

==================== Services (Whitelisted) ===================

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [563104 2012-02-23] (Affinegy, Inc.)

2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-05] ()

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll" /prefetch:1 [551728 2013-02-06] (Symantec Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-03] ()

2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-26] ()

==================== Drivers (Whitelisted) =====================

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-26] (AVG Technologies)

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSvia64.sys [513184 2012-11-03] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130228.017\ENG64.SYS [126192 2013-02-26] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130228.017\EX64.SYS [2087664 2013-02-26] (Symantec Corporation)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1403000.024\SRTSP64.SYS [796248 2013-01-28] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1403000.024\SYMDS64.SYS [493656 2013-01-21] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1403000.024\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-11-05] (Symantec Corporation)

1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2012-09-06] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [432800 2013-01-30] (Symantec Corporation)

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-02-28 22:23 - 2013-02-28 22:23 - 00000000 ____D C:\FRST

2013-02-28 18:56 - 2013-02-28 18:56 - 00024746 ____A C:\Users\Hellfire\Desktop\dds.txt

2013-02-28 18:56 - 2013-02-28 18:56 - 00014722 ____A C:\Users\Hellfire\Desktop\attach.txt

2013-02-28 18:55 - 2013-02-28 18:55 - 00688992 ____R (Swearware) C:\Users\Hellfire\Desktop\dds.scr

2013-02-28 17:54 - 2013-02-28 18:36 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part05.rar

2013-02-28 14:16 - 2013-02-28 14:52 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part04.rar

2013-02-28 14:14 - 2013-02-28 14:14 - 00000000 ____D C:\Program Files (x86)\Seagate

2013-02-28 11:08 - 2013-02-28 11:08 - 00274336 ____A C:\Windows\Minidump\022813-30576-01.dmp

2013-02-28 08:11 - 2013-02-28 08:47 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part03.rar

2013-02-28 00:48 - 2013-02-28 00:49 - 22697902 ____A C:\Users\Hellfire\Desktop\_Scream and Shout_ MLP FIM PMV.mp4

2013-02-27 22:51 - 2013-02-27 23:27 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part02.rar

2013-02-27 19:15 - 2013-02-28 22:11 - 00001188 ____A C:\Windows\setupact.log

2013-02-27 19:15 - 2013-02-27 19:15 - 00000000 ____A C:\Windows\setuperr.log

2013-02-27 17:42 - 2013-02-27 18:21 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part01.rar

2013-02-27 17:02 - 2013-02-28 11:08 - 00000000 ____D C:\Windows\Minidump

2013-02-27 16:46 - 2013-02-27 17:24 - 00000000 ____D C:\ProgramData\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Avg2013

2013-02-27 11:56 - 2013-02-27 11:56 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-27 11:56 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-02-27 03:21 - 2013-02-27 03:21 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:00 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-27 03:00 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-02-27 03:00 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-02-27 03:00 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-02-27 03:00 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-02-27 03:00 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-02-27 03:00 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-02-27 03:00 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-02-27 03:00 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-02-27 03:00 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-02-27 03:00 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-02-27 03:00 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-02-27 03:00 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-02-27 03:00 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-02-27 03:00 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-02-27 03:00 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-02-27 03:00 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-02-27 03:00 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-02-27 03:00 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-02-27 03:00 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-02-27 03:00 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-02-27 03:00 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-02-27 03:00 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-02-27 03:00 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-02-27 03:00 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-02-27 03:00 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-02-27 03:00 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-02-27 03:00 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-02-27 03:00 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-02-27 03:00 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-02-27 03:00 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-02-27 03:00 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-02-27 03:00 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-02-27 03:00 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-02-27 03:00 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-02-26 19:24 - 2013-02-26 19:24 - 00000830 ____A C:\Users\Public\Desktop\SSZ.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-26 19:01 - 2013-02-26 19:02 - 00000000 ____D C:\Program Files (x86)\PowerISO

2013-02-26 19:01 - 2013-02-26 19:01 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-02-26 19:01 - 2013-01-27 05:35 - 00127384 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys

2013-02-20 19:10 - 2013-02-20 19:11 - 35112960 ____A C:\Users\Hellfire\Desktop\Amo-Chan_Sunshine.avi

2013-02-20 19:10 - 2013-02-20 19:10 - 30316766 ____A C:\Users\Hellfire\Desktop\Blessed Days In The Cherry Blossoms [Radical_Yue].mp4

2013-02-20 16:13 - 2013-02-20 16:14 - 16677171 ____A C:\Users\Hellfire\Desktop\RWBY _White_ Trailer.mp4

2013-02-20 16:06 - 2013-02-20 16:06 - 17620779 ____A C:\Users\Hellfire\Desktop\RWBY _Red_ Trailer.mp4

2013-02-20 12:59 - 2013-02-20 12:59 - 13475287 ____A C:\Users\Hellfire\Desktop\[PMV] To the sky.mp4

2013-02-17 09:04 - 2013-02-17 09:09 - 00007748 ____A C:\Users\Hellfire\Desktop\GameFAQs Dynasty Warriors 7 (PS3) Dim Sum Location Guide by divini.txt

2013-02-14 22:14 - 2013-02-14 22:14 - 00002019 ____A C:\Users\Hellfire\Desktop\The Promised Land .lnk

2013-02-14 22:14 - 2013-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\The Promised Land

2013-02-14 21:20 - 2013-02-14 21:20 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-14 21:13 - 2013-02-14 21:13 - 00000840 ____A C:\Users\Hellfire\.recently-used.xbel

2013-02-14 13:41 - 2013-02-14 13:45 - 00000000 ____D C:\ProgramData\Big Fish Games

2013-02-14 13:18 - 2013-02-14 13:18 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 12:54 - 2013-02-14 12:54 - 00000000 ____D C:\Windows\The Promised Land

2013-02-14 12:51 - 2013-02-14 12:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-02-13 09:30 - 2013-02-13 09:32 - 145802744 ____A (Symantec Corporation) C:\Users\Public\NIS-TW-30-20-1-0-24-EN-US.exe

2013-02-13 03:06 - 2013-02-13 03:06 - 00000118 ____A C:\Windows\System32\MRT.INI

2013-02-13 03:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-13 03:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-13 03:00 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-13 03:00 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-13 03:00 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-13 03:00 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-13 03:00 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-13 03:00 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-13 03:00 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-13 03:00 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-13 03:00 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-13 03:00 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-13 03:00 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-13 03:00 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-13 03:00 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-13 03:00 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-13 03:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-13 03:00 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-02-13 03:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-13 03:00 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-02-13 03:00 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-13 03:00 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-13 03:00 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-13 03:00 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-13 03:00 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-02-13 03:00 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-02-13 03:00 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-02-13 03:00 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-13 03:00 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-13 03:00 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-13 03:00 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-13 03:00 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-13 01:28 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-13 01:28 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 01:28 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 01:28 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-13 01:28 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-13 01:28 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-13 01:28 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-13 01:28 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 01:28 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-13 01:28 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-13 01:28 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-13 01:28 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2013-02-11 23:24 - 2012-08-19 17:35 - 00000000 ____D C:\Users\Hellfire\Desktop\FightingIsMagic

2013-02-11 23:23 - 2013-02-11 23:23 - 00000651 ____A C:\Users\Public\Desktop\Diablo III.lnk

2013-02-10 20:53 - 2013-02-10 20:53 - 00000000 ____D C:\ProgramData\Belkin

2013-02-10 20:47 - 2013-02-10 20:48 - 00000000 ____D C:\Users\Hellfire\Desktop\MCEdit-0.1.6.win-amd64

2013-02-09 22:49 - 2013-02-09 22:49 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\PlayFirst

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\ProgramData\PlayFirst

2013-02-09 22:41 - 2013-02-09 22:41 - 00000000 ____D C:\Program Files (x86)\ReflexiveArcade

2013-02-09 22:40 - 2013-02-07 21:51 - 99145558 ____A C:\Users\Public\World Mosaics 3 - Fairy Tales - Full PreCracked - Foxy Games.exe

2013-02-07 09:38 - 2013-02-07 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-02-05 00:13 - 2013-02-05 00:14 - 00000000 ____D C:\Users\Hellfire\AppData\Local\TERA

2013-02-05 00:13 - 2013-02-05 00:13 - 00000419 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk

2013-02-04 00:59 - 2013-02-04 00:59 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-02-04 00:59 - 2013-02-04 00:59 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-02-04 00:59 - 2013-02-04 00:59 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-02-04 00:59 - 2013-02-04 00:59 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-02-04 00:59 - 2013-02-04 00:59 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-02-04 00:59 - 2013-02-04 00:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-02-04 00:59 - 2013-02-04 00:59 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-02-03 15:28 - 2012-09-06 18:05 - 00043680 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys

2013-02-02 03:18 - 2013-02-02 03:18 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-01-31 23:09 - 2013-01-31 23:10 - 14798794 ____A C:\Users\Hellfire\Desktop\Let_s Go and Meet the Bronies.mp4

2013-01-31 22:28 - 2013-01-31 22:40 - 00000000 ____D C:\Users\Hellfire\dwhelper

2013-01-31 17:53 - 2012-11-09 00:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE

2013-01-31 17:22 - 2013-01-31 17:22 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Macromedia

2013-01-31 17:17 - 2013-02-09 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-31 17:17 - 2013-01-31 17:18 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Mozilla

2013-01-31 17:17 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Mozilla

2013-01-31 17:17 - 2013-01-31 17:17 - 00000000 ____D C:\ProgramData\Mozilla

2013-01-31 16:41 - 2013-01-31 16:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-01-31 16:25 - 2013-02-28 21:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-01-31 16:25 - 2013-02-26 16:24 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-01-31 16:25 - 2013-02-26 16:24 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

2013-02-28 22:23 - 2013-02-28 22:23 - 00000000 ____D C:\FRST

2013-02-28 22:18 - 2012-11-05 21:02 - 01303025 ____A C:\Windows\WindowsUpdate.log

2013-02-28 22:14 - 2012-11-05 21:47 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Skype

2013-02-28 22:14 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-02-28 22:11 - 2013-02-27 19:15 - 00001188 ____A C:\Windows\setupact.log

2013-02-28 21:24 - 2013-01-31 16:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-02-28 19:39 - 2012-11-06 08:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Deployment

2013-02-28 18:56 - 2013-02-28 18:56 - 00024746 ____A C:\Users\Hellfire\Desktop\dds.txt

2013-02-28 18:56 - 2013-02-28 18:56 - 00014722 ____A C:\Users\Hellfire\Desktop\attach.txt

2013-02-28 18:55 - 2013-02-28 18:55 - 00688992 ____R (Swearware) C:\Users\Hellfire\Desktop\dds.scr

2013-02-28 18:54 - 2012-11-05 21:33 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\BitTorrent

2013-02-28 18:36 - 2013-02-28 17:54 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part05.rar

2013-02-28 17:44 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-02-28 17:44 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-02-28 17:38 - 2013-01-22 07:31 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Dropbox

2013-02-28 17:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-02-28 14:52 - 2013-02-28 14:16 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part04.rar

2013-02-28 14:14 - 2013-02-28 14:14 - 00000000 ____D C:\Program Files (x86)\Seagate

2013-02-28 11:19 - 2012-11-05 22:10 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\.minecraft

2013-02-28 11:08 - 2013-02-28 11:08 - 00274336 ____A C:\Windows\Minidump\022813-30576-01.dmp

2013-02-28 11:08 - 2013-02-27 17:02 - 00000000 ____D C:\Windows\Minidump

2013-02-28 09:42 - 2012-11-05 23:41 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\vlc

2013-02-28 08:47 - 2013-02-28 08:11 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part03.rar

2013-02-28 00:49 - 2013-02-28 00:48 - 22697902 ____A C:\Users\Hellfire\Desktop\_Scream and Shout_ MLP FIM PMV.mp4

2013-02-27 23:27 - 2013-02-27 22:51 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part02.rar

2013-02-27 19:15 - 2013-02-27 19:15 - 00000000 ____A C:\Windows\setuperr.log

2013-02-27 19:09 - 2012-11-06 00:00 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Media Player Classic

2013-02-27 19:09 - 2012-11-05 20:53 - 00000000 ____D C:\Windows\Panther

2013-02-27 18:21 - 2013-02-27 17:42 - 111671872 ____A C:\Users\Hellfire\Desktop\3dfoerstories.part01.rar

2013-02-27 17:24 - 2013-02-27 16:46 - 00000000 ____D C:\ProgramData\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\MFAData

2013-02-27 16:46 - 2013-02-27 16:46 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Avg2013

2013-02-27 13:27 - 2012-12-20 21:06 - 00000000 ____D C:\Users\Hellfire\AppData\Local\SwvUpdater

2013-02-27 11:56 - 2013-02-27 11:56 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-27 11:56 - 2013-02-27 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-27 06:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-02-27 03:21 - 2013-02-27 03:21 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-02-27 03:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-02-26 19:24 - 2013-02-26 19:24 - 00000830 ____A C:\Users\Public\Desktop\SSZ.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk

2013-02-26 19:02 - 2013-02-26 19:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-26 19:02 - 2013-02-26 19:01 - 00000000 ____D C:\Program Files (x86)\PowerISO

2013-02-26 19:01 - 2013-02-26 19:01 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-02-26 18:05 - 2012-11-05 21:19 - 00000000 ____D C:\Windows\System32\Drivers\NISx64

2013-02-26 16:24 - 2013-01-31 16:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-26 16:24 - 2013-01-31 16:25 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-26 15:01 - 2012-11-05 21:02 - 00000000 ____D C:\users\Hellfire

2013-02-26 15:00 - 2012-11-05 21:19 - 00000000 ____D C:\ProgramData\Norton

2013-02-26 15:00 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-02-26 15:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-02-26 15:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-02-26 15:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2013-02-20 19:11 - 2013-02-20 19:10 - 35112960 ____A C:\Users\Hellfire\Desktop\Amo-Chan_Sunshine.avi

2013-02-20 19:10 - 2013-02-20 19:10 - 30316766 ____A C:\Users\Hellfire\Desktop\Blessed Days In The Cherry Blossoms [Radical_Yue].mp4

2013-02-20 16:14 - 2013-02-20 16:13 - 16677171 ____A C:\Users\Hellfire\Desktop\RWBY _White_ Trailer.mp4

2013-02-20 16:06 - 2013-02-20 16:06 - 17620779 ____A C:\Users\Hellfire\Desktop\RWBY _Red_ Trailer.mp4

2013-02-20 12:59 - 2013-02-20 12:59 - 13475287 ____A C:\Users\Hellfire\Desktop\[PMV] To the sky.mp4

2013-02-19 19:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-02-18 08:15 - 2012-12-20 21:07 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Stronghold_LLC

2013-02-17 09:09 - 2013-02-17 09:04 - 00007748 ____A C:\Users\Hellfire\Desktop\GameFAQs Dynasty Warriors 7 (PS3) Dim Sum Location Guide by divini.txt

2013-02-14 22:14 - 2013-02-14 22:14 - 00002019 ____A C:\Users\Hellfire\Desktop\The Promised Land .lnk

2013-02-14 22:14 - 2013-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\The Promised Land

2013-02-14 21:20 - 2013-02-14 21:20 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-14 21:13 - 2013-02-14 21:13 - 00000840 ____A C:\Users\Hellfire\.recently-used.xbel

2013-02-14 21:09 - 2013-01-11 01:02 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\gtk-2.0

2013-02-14 13:45 - 2013-02-14 13:41 - 00000000 ____D C:\ProgramData\Big Fish Games

2013-02-14 13:18 - 2013-02-14 13:18 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 12:54 - 2013-02-14 12:54 - 00000000 ____D C:\Windows\The Promised Land

2013-02-14 12:51 - 2013-02-14 12:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-02-13 11:55 - 2012-11-05 21:14 - 00000000 ____D C:\Users\Hellfire\AppData\Local\ATI

2013-02-13 09:32 - 2013-02-13 09:30 - 145802744 ____A (Symantec Corporation) C:\Users\Public\NIS-TW-30-20-1-0-24-EN-US.exe

2013-02-13 03:25 - 2009-07-13 20:45 - 00284136 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-13 03:06 - 2013-02-13 03:06 - 00000118 ____A C:\Windows\System32\MRT.INI

2013-02-13 03:04 - 2012-11-05 23:27 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-02-11 23:25 - 2012-11-05 21:02 - 00000000 ____D C:\Users\Hellfire\AppData\Local\VirtualStore

2013-02-11 23:23 - 2013-02-11 23:23 - 00000651 ____A C:\Users\Public\Desktop\Diablo III.lnk

2013-02-10 20:53 - 2013-02-10 20:53 - 00000000 ____D C:\ProgramData\Belkin

2013-02-10 20:48 - 2013-02-10 20:47 - 00000000 ____D C:\Users\Hellfire\Desktop\MCEdit-0.1.6.win-amd64

2013-02-09 22:49 - 2013-02-09 22:49 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\PlayFirst

2013-02-09 22:44 - 2013-02-09 22:44 - 00000000 ____D C:\ProgramData\PlayFirst

2013-02-09 22:41 - 2013-02-09 22:41 - 00000000 ____D C:\Program Files (x86)\ReflexiveArcade

2013-02-09 22:33 - 2013-01-31 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-02-07 21:51 - 2013-02-09 22:40 - 99145558 ____A C:\Users\Public\World Mosaics 3 - Fairy Tales - Full PreCracked - Foxy Games.exe

2013-02-07 09:38 - 2013-02-07 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-02-05 00:14 - 2013-02-05 00:13 - 00000000 ____D C:\Users\Hellfire\AppData\Local\TERA

2013-02-05 00:13 - 2013-02-05 00:13 - 00000419 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk

2013-02-04 01:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-02-04 00:59 - 2013-02-04 00:59 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-02-04 00:59 - 2013-02-04 00:59 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-02-04 00:59 - 2013-02-04 00:59 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-02-04 00:59 - 2013-02-04 00:59 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-02-04 00:59 - 2013-02-04 00:59 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-02-04 00:59 - 2013-02-04 00:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-02-04 00:59 - 2013-02-04 00:59 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-02-04 00:59 - 2013-02-04 00:59 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-02-04 00:59 - 2013-02-04 00:59 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-02-04 00:37 - 2012-11-05 23:02 - 00000000 ____D C:\ProgramData\Adobe

2013-02-02 03:19 - 2012-11-05 21:47 - 00000000 ____D C:\ProgramData\Skype

2013-02-02 03:18 - 2013-02-02 03:18 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-01-31 23:10 - 2013-01-31 23:09 - 14798794 ____A C:\Users\Hellfire\Desktop\Let_s Go and Meet the Bronies.mp4

2013-01-31 22:40 - 2013-01-31 22:28 - 00000000 ____D C:\Users\Hellfire\dwhelper

2013-01-31 17:22 - 2013-01-31 17:22 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Macromedia

2013-01-31 17:18 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Hellfire\AppData\Roaming\Mozilla

2013-01-31 17:17 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Mozilla

2013-01-31 17:17 - 2013-01-31 17:17 - 00000000 ____D C:\ProgramData\Mozilla

2013-01-31 17:01 - 2013-01-07 11:29 - 00000000 ____D C:\Users\Hellfire\AppData\Local\Unity

2013-01-31 16:41 - 2013-01-31 16:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-28 03:01:35

Restore point made on: 2013-02-28 14:14:10

==================== Memory info ===========================

Percentage of memory in use: 11%

Total physical RAM: 6142.49 MB

Available physical RAM: 5438.49 MB

Total Pagefile: 6140.64 MB

Available Pagefile: 5423.81 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:48.73 GB) (Free:10.9 GB) NTFS

2 Drive e: () (Fixed) (Total:195.31 GB) (Free:39.93 GB) NTFS

4 Drive g: () (Removable) (Total:7.45 GB) (Free:3.36 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 454 GB

Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:

===============

Disk ID: EED4EEC7

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 48 GB 101 MB

Partition 3 Primary 195 GB 48 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 48 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E NTFS Partition 195 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-02-23 01:34

==================== End Of Log =============================


  • Staff

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
HKU\Hellfire\...\Run: [Diagnostics] rundll32 "C:\Users\Hellfire\AppData\Local\Stronghold_LLC\Diagnostics\wcmqvjrqy.dll",DllRegisterServerW [638976 2013-02-18] (Microsoft Corporation)
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

NEXT

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
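Added example, not part of the original post and not FRST's own code: a triage sketch that parses autorun lines shaped like the one in the fixlist above and reports why an entry deserves a closer look. The line pattern is inferred from that single line; the three heuristics, the other sample lines and all function names are assumptions made for illustration.

```python
import re

# Pattern modelled on the one autorun line shown in the fixlist:
#   <hive>\<key>\Run: [<value name>] <command> [<size> <date>] (<company>)
ENTRY_RE = re.compile(
    r'^(?P<hive>HK(?:LM|U))\\(?P<key>.*?\\Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*?)'
    r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?: \((?P<company>[^()]*)\))?$'
)
# rundll32 <dll>,<export> with the DLL path optionally quoted.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)', re.I
)

# Assumed heuristics: locations a standard user can write to, and the
# directories where Microsoft-branded binaries normally live.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")


def parse_entry(line):
    """Split one autorun line into its fields, or return None."""
    match = ENTRY_RE.match(line.strip())
    return match.groupdict() if match else None


def target_path(command):
    """Return (file that gets loaded, True if it is a DLL run via rundll32)."""
    match = RUNDLL_RE.match(command)
    if match:
        return match.group("dll"), True
    match = re.match(r'^"([^"]+)"|^(\S+)', command)
    return (match.group(1) or match.group(2)), False


def triage(line):
    """Return the entry name, resolved target and the reasons it stands out."""
    entry = parse_entry(line)
    if entry is None:
        return None
    path, via_rundll32 = target_path(entry["command"])
    low = path.lower()
    reasons = []
    if via_rundll32:
        # The autorun starts a signed Windows binary that loads the real payload.
        reasons.append("dll-via-rundll32")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("user-writable-path")
    company = (entry["company"] or "").lower()
    # The company name is a version-resource string anyone can set, so a
    # Microsoft claim on a file outside the system directories is a mismatch.
    if "microsoft" in company and not low.startswith(TRUSTED_ROOTS):
        reasons.append("microsoft-claim-outside-system-dirs")
    return {"name": entry["name"], "path": path, "reasons": reasons}


SAMPLE_LINES = [
    # Verbatim from the fixlist in the post above.
    r'HKU\Hellfire\...\Run: [Diagnostics] rundll32 "C:\Users\Hellfire\AppData\Local\Stronghold_LLC\Diagnostics\wcmqvjrqy.dll",DllRegisterServerW [638976 2013-02-18] (Microsoft Corporation)',
    # Constructed lines in the same shape (names, sizes and dates are made up).
    r'HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [1000 2013-01-01] (Realtek Semiconductor)',
    r'HKLM\...\Run: [SampleHelper] rundll32.exe C:\Windows\System32\sample.dll,Start [2000 2013-01-01] (Microsoft Corporation)',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        result = triage(sample)
        print(result["name"], "->", result["reasons"] or "nothing flagged")
```

No single reason is conclusive (the third sample trips one of them while sitting in a system directory); the entry from the fixlist trips all three at once.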


Had 2 tdss logs, posting both

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-02-2013

Ran by SYSTEM at 2013-03-01 10:22:37 Run:1

Running from G:\

==============================================

HKEY_USERS\Hellfire\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostics Value deleted successfully.

==== End of Fixlog ====

10:27:09.0818 6224 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

10:27:11.0669 6224 ============================================================

10:27:11.0669 6224 Current date / time: 2013/03/01 10:27:11.0669

10:27:11.0669 6224 SystemInfo:

10:27:11.0669 6224

10:27:11.0670 6224 OS Version: 6.1.7601 ServicePack: 1.0

10:27:11.0670 6224 Product type: Workstation

10:27:11.0670 6224 ComputerName: HAVEN

10:27:11.0670 6224 UserName: Hellfire

10:27:11.0670 6224 Windows directory: C:\Windows

10:27:11.0670 6224 System windows directory: C:\Windows

10:27:11.0670 6224 Running under WOW64

10:27:11.0670 6224 Processor architecture: Intel x64

10:27:11.0670 6224 Number of processors: 8

10:27:11.0670 6224 Page size: 0x1000

10:27:11.0670 6224 Boot type: Normal boot

10:27:11.0670 6224 ============================================================

10:27:14.0459 6224 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

10:27:14.0474 6224 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:27:14.0476 6224 ============================================================

10:27:14.0476 6224 \Device\Harddisk0\DR0:

10:27:14.0480 6224 MBR partitions:

10:27:14.0480 6224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:27:14.0480 6224 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6175800

10:27:14.0480 6224 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x186A0000

10:27:14.0480 6224 \Device\Harddisk1\DR1:

10:27:14.0481 6224 MBR partitions:

10:27:14.0481 6224 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0

10:27:14.0481 6224 ============================================================

10:27:14.0610 6224 C: <-> \Device\Harddisk0\DR0\Partition2

10:27:14.0740 6224 D: <-> \Device\Harddisk0\DR0\Partition3

10:27:14.0740 6224 ============================================================

10:27:14.0740 6224 Initialize success

10:27:14.0740 6224 ============================================================

10:27:32.0823 4944 ============================================================

10:27:32.0823 4944 Scan started

10:27:32.0823 4944 Mode: Manual; TDLFS;

10:27:32.0823 4944 ============================================================

10:27:34.0940 4944 ================ Scan system memory ========================

10:27:34.0940 4944 System memory - ok

10:27:34.0941 4944 ================ Scan services =============================


10:27:41.0024 4944 NetTcpActivator - ok

10:27:41.0028 4944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:27:41.0029 4944 NetTcpPortSharing - ok

10:27:41.0046 4944 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

10:27:41.0047 4944 nfrd960 - ok

10:27:41.0138 4944 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe

10:27:41.0140 4944 NIS - ok

10:27:41.0169 4944 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

10:27:41.0174 4944 NlaSvc - ok

10:27:41.0183 4944 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

10:27:41.0185 4944 Npfs - ok

10:27:41.0208 4944 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

10:27:41.0209 4944 nsi - ok

10:27:41.0216 4944 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

10:27:41.0218 4944 nsiproxy - ok

10:27:41.0260 4944 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

10:27:41.0294 4944 Ntfs - ok

10:27:41.0307 4944 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

10:27:41.0309 4944 Null - ok

10:27:41.0328 4944 [ A61B0AF4D6B934928CFD1140DEEA5C8D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

10:27:41.0330 4944 nusb3hub - ok

10:27:41.0353 4944 [ FA4B2F20561BDBCC6B9AC3E3BDCD7E3F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

10:27:41.0355 4944 nusb3xhc - ok

10:27:41.0379 4944 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

10:27:41.0382 4944 nvraid - ok

10:27:41.0402 4944 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

10:27:41.0405 4944 nvstor - ok

10:27:41.0417 4944 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

10:27:41.0420 4944 nv_agp - ok

10:27:41.0430 4944 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

10:27:41.0432 4944 ohci1394 - ok

10:27:41.0444 4944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

10:27:41.0447 4944 p2pimsvc - ok

10:27:41.0461 4944 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

10:27:41.0465 4944 p2psvc - ok

10:27:41.0477 4944 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

10:27:41.0480 4944 Parport - ok

10:27:41.0499 4944 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

10:27:41.0501 4944 partmgr - ok

10:27:41.0516 4944 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

10:27:41.0518 4944 PcaSvc - ok

10:27:41.0531 4944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

10:27:41.0533 4944 pci - ok

10:27:41.0538 4944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

10:27:41.0539 4944 pciide - ok

10:27:41.0553 4944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

10:27:41.0556 4944 pcmcia - ok

10:27:41.0573 4944 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

10:27:41.0574 4944 pcw - ok

10:27:41.0597 4944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

10:27:41.0605 4944 PEAUTH - ok

10:27:41.0627 4944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

10:27:41.0630 4944 PerfHost - ok

10:27:41.0679 4944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

10:27:41.0713 4944 pla - ok

10:27:41.0731 4944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

10:27:41.0735 4944 PlugPlay - ok

10:27:41.0753 4944 PnkBstrA - ok

10:27:41.0766 4944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

10:27:41.0769 4944 PNRPAutoReg - ok

10:27:41.0785 4944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

10:27:41.0789 4944 PNRPsvc - ok

10:27:41.0804 4944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

10:27:41.0808 4944 PolicyAgent - ok

10:27:41.0827 4944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

10:27:41.0829 4944 Power - ok

10:27:41.0854 4944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

10:27:41.0856 4944 PptpMiniport - ok

10:27:41.0871 4944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

10:27:41.0873 4944 Processor - ok

10:27:41.0903 4944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

10:27:41.0905 4944 ProfSvc - ok

10:27:41.0928 4944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

10:27:41.0929 4944 ProtectedStorage - ok

10:27:41.0975 4944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

10:27:41.0977 4944 Psched - ok

10:27:42.0012 4944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

10:27:42.0038 4944 ql2300 - ok

10:27:42.0056 4944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

10:27:42.0060 4944 ql40xx - ok

10:27:42.0085 4944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

10:27:42.0089 4944 QWAVE - ok

10:27:42.0101 4944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

10:27:42.0103 4944 QWAVEdrv - ok

10:27:42.0115 4944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

10:27:42.0117 4944 RasAcd - ok

10:27:42.0137 4944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

10:27:42.0139 4944 RasAgileVpn - ok

10:27:42.0150 4944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

10:27:42.0153 4944 RasAuto - ok

10:27:42.0184 4944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

10:27:42.0186 4944 Rasl2tp - ok

10:27:42.0215 4944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

10:27:42.0221 4944 RasMan - ok

10:27:42.0234 4944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

10:27:42.0237 4944 RasPppoe - ok

10:27:42.0250 4944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

10:27:42.0252 4944 RasSstp - ok

10:27:42.0279 4944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

10:27:42.0283 4944 rdbss - ok

10:27:42.0292 4944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

10:27:42.0293 4944 rdpbus - ok

10:27:42.0308 4944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

10:27:42.0310 4944 RDPCDD - ok

10:27:42.0325 4944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

10:27:42.0326 4944 RDPENCDD - ok

10:27:42.0334 4944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

10:27:42.0336 4944 RDPREFMP - ok

10:27:42.0359 4944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

10:27:42.0362 4944 RDPWD - ok

10:27:42.0379 4944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

10:27:42.0381 4944 rdyboost - ok

10:27:42.0407 4944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

10:27:42.0410 4944 RemoteAccess - ok

10:27:42.0422 4944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

10:27:42.0425 4944 RemoteRegistry - ok

10:27:42.0443 4944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

10:27:42.0444 4944 RpcEptMapper - ok

10:27:42.0451 4944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

10:27:42.0452 4944 RpcLocator - ok

10:27:42.0471 4944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

10:27:42.0475 4944 RpcSs - ok

10:27:42.0485 4944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

10:27:42.0487 4944 rspndr - ok

10:27:42.0512 4944 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

10:27:42.0515 4944 RTL8167 - ok

10:27:42.0520 4944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

10:27:42.0522 4944 SamSs - ok

10:27:42.0543 4944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

10:27:42.0545 4944 sbp2port - ok

10:27:42.0574 4944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

10:27:42.0577 4944 SCardSvr - ok

10:27:42.0614 4944 [ 6FAC52B8F98795243D836BF6CCCAFB23 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

10:27:42.0615 4944 SCDEmu - ok

10:27:42.0639 4944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

10:27:42.0641 4944 scfilter - ok

10:27:42.0679 4944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

10:27:42.0688 4944 Schedule - ok

10:27:42.0713 4944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

10:27:42.0714 4944 SCPolicySvc - ok

10:27:42.0730 4944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

10:27:42.0734 4944 SDRSVC - ok

10:27:42.0766 4944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

10:27:42.0767 4944 secdrv - ok

10:27:42.0790 4944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

10:27:42.0793 4944 seclogon - ok

10:27:42.0799 4944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

10:27:42.0801 4944 SENS - ok

10:27:42.0816 4944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

10:27:42.0819 4944 SensrSvc - ok

10:27:42.0830 4944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

10:27:42.0832 4944 Serenum - ok

10:27:42.0855 4944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

10:27:42.0858 4944 Serial - ok

10:27:42.0875 4944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

10:27:42.0876 4944 sermouse - ok

10:27:42.0899 4944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

10:27:42.0903 4944 SessionEnv - ok

10:27:42.0926 4944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

10:27:42.0928 4944 sffdisk - ok

10:27:42.0934 4944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

10:27:42.0935 4944 sffp_mmc - ok

10:27:42.0945 4944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

10:27:42.0955 4944 sffp_sd - ok

10:27:42.0966 4944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

10:27:42.0967 4944 sfloppy - ok

10:27:43.0117 4944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

10:27:43.0235 4944 SharedAccess - ok

10:27:43.0271 4944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

10:27:43.0275 4944 ShellHWDetection - ok

10:27:43.0289 4944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:27:43.0291 4944 SiSRaid2 - ok

10:27:43.0307 4944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

10:27:43.0309 4944 SiSRaid4 - ok

10:27:43.0363 4944 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

10:27:43.0364 4944 SkypeUpdate - ok

10:27:43.0383 4944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

10:27:43.0385 4944 Smb - ok

10:27:43.0398 4944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

10:27:43.0400 4944 SNMPTRAP - ok

10:27:43.0412 4944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

10:27:43.0412 4944 spldr - ok

10:27:43.0435 4944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

10:27:43.0439 4944 Spooler - ok

10:27:43.0508 4944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

10:27:43.0548 4944 sppsvc - ok

10:27:43.0566 4944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

10:27:43.0569 4944 sppuinotify - ok

10:27:43.0637 4944 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403000.024\SRTSP64.SYS

10:27:43.0642 4944 SRTSP - ok

10:27:43.0672 4944 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS

10:27:43.0672 4944 SRTSPX - ok

10:27:43.0698 4944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

10:27:43.0704 4944 srv - ok

10:27:43.0721 4944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

10:27:43.0727 4944 srv2 - ok

10:27:43.0739 4944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

10:27:43.0741 4944 srvnet - ok

10:27:43.0766 4944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

10:27:43.0768 4944 SSDPSRV - ok

10:27:43.0777 4944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

10:27:43.0779 4944 SstpSvc - ok

10:27:43.0811 4944 Steam Client Service - ok

10:27:43.0831 4944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

10:27:43.0833 4944 stexstor - ok

10:27:43.0862 4944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

10:27:43.0865 4944 stisvc - ok

10:27:43.0884 4944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

10:27:43.0884 4944 swenum - ok

10:27:43.0911 4944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

10:27:43.0919 4944 swprv - ok

10:27:43.0954 4944 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS

10:27:43.0967 4944 SymDS - ok

10:27:44.0008 4944 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS

10:27:44.0026 4944 SymEFA - ok

10:27:44.0049 4944 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

10:27:44.0051 4944 SymEvent - ok

10:27:44.0087 4944 [ BFD99DC6C7FEB2F8B20D488FDF3A9A55 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys

10:27:44.0088 4944 SymIM - ok

10:27:44.0103 4944 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS

10:27:44.0105 4944 SymIRON - ok

10:27:44.0120 4944 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS

10:27:44.0123 4944 SymNetS - ok

10:27:44.0170 4944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

10:27:44.0196 4944 SysMain - ok

10:27:44.0223 4944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

10:27:44.0226 4944 TabletInputService - ok

10:27:44.0242 4944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

10:27:44.0247 4944 TapiSrv - ok

10:27:44.0270 4944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

10:27:44.0272 4944 TBS - ok

10:27:44.0326 4944 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

10:27:44.0351 4944 Tcpip - ok

10:27:44.0393 4944 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

10:27:44.0402 4944 TCPIP6 - ok

10:27:44.0420 4944 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

10:27:44.0422 4944 tcpipreg - ok

10:27:44.0444 4944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

10:27:44.0445 4944 TDPIPE - ok

10:27:44.0459 4944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

10:27:44.0460 4944 TDTCP - ok

10:27:44.0488 4944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

10:27:44.0490 4944 tdx - ok

10:27:44.0510 4944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

10:27:44.0511 4944 TermDD - ok

10:27:44.0525 4944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

10:27:44.0533 4944 TermService - ok

10:27:44.0544 4944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

10:27:44.0545 4944 Themes - ok

10:27:44.0565 4944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

10:27:44.0566 4944 THREADORDER - ok

10:27:44.0575 4944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

10:27:44.0577 4944 TrkWks - ok

10:27:44.0619 4944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

10:27:44.0622 4944 TrustedInstaller - ok

10:27:44.0647 4944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

10:27:44.0649 4944 tssecsrv - ok

10:27:44.0689 4944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

10:27:44.0697 4944 TsUsbFlt - ok

10:27:44.0729 4944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

10:27:44.0732 4944 tunnel - ok

10:27:44.0757 4944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

10:27:44.0760 4944 uagp35 - ok

10:27:44.0781 4944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

10:27:44.0786 4944 udfs - ok

10:27:44.0801 4944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

10:27:44.0804 4944 UI0Detect - ok

10:27:44.0814 4944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

10:27:44.0816 4944 uliagpkx - ok

10:27:44.0840 4944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

10:27:44.0842 4944 umbus - ok

10:27:44.0856 4944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

10:27:44.0857 4944 UmPass - ok

10:27:44.0870 4944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

10:27:44.0872 4944 upnphost - ok

10:27:44.0889 4944 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

10:27:44.0891 4944 usbaudio - ok

10:27:44.0898 4944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

10:27:44.0900 4944 usbccgp - ok

10:27:44.0931 4944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

10:27:44.0934 4944 usbcir - ok

10:27:44.0947 4944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

10:27:44.0949 4944 usbehci - ok

10:27:44.0962 4944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

10:27:44.0972 4944 usbhub - ok

10:27:44.0984 4944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

10:27:44.0986 4944 usbohci - ok

10:27:44.0992 4944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

10:27:44.0993 4944 usbprint - ok

10:27:45.0008 4944 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:27:45.0010 4944 USBSTOR - ok

10:27:45.0020 4944 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

10:27:45.0021 4944 usbuhci - ok

10:27:45.0032 4944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

10:27:45.0034 4944 UxSms - ok

10:27:45.0043 4944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

10:27:45.0044 4944 VaultSvc - ok

10:27:45.0051 4944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

10:27:45.0052 4944 vdrvroot - ok

10:27:45.0088 4944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

10:27:45.0095 4944 vds - ok

10:27:45.0106 4944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

10:27:45.0111 4944 vga - ok

10:27:45.0124 4944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

10:27:45.0126 4944 VgaSave - ok

10:27:45.0151 4944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

10:27:45.0153 4944 vhdmp - ok

10:27:45.0169 4944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

10:27:45.0171 4944 viaide - ok

10:27:45.0182 4944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

10:27:45.0192 4944 volmgr - ok

10:27:45.0221 4944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

10:27:45.0225 4944 volmgrx - ok

10:27:45.0237 4944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

10:27:45.0240 4944 volsnap - ok

10:27:45.0266 4944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

10:27:45.0269 4944 vsmraid - ok

10:27:45.0308 4944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

10:27:45.0334 4944 VSS - ok

10:27:45.0396 4944 [ 222D84CBE6A428A66A513B339EC633C8 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

10:27:45.0402 4944 vToolbarUpdater14.2.0 - ok

10:27:45.0412 4944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

10:27:45.0414 4944 vwifibus - ok

10:27:45.0451 4944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

10:27:45.0456 4944 W32Time - ok

10:27:45.0467 4944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

10:27:45.0470 4944 WacomPen - ok

10:27:45.0501 4944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

10:27:45.0503 4944 WANARP - ok

10:27:45.0517 4944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

10:27:45.0518 4944 Wanarpv6 - ok

10:27:45.0562 4944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

10:27:45.0588 4944 WatAdminSvc - ok

10:27:45.0627 4944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

10:27:45.0653 4944 wbengine - ok

10:27:45.0668 4944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

10:27:45.0672 4944 WbioSrvc - ok

10:27:45.0691 4944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

10:27:45.0696 4944 wcncsvc - ok

10:27:45.0704 4944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

10:27:45.0707 4944 WcsPlugInService - ok

10:27:45.0717 4944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

10:27:45.0718 4944 Wd - ok

10:27:45.0747 4944 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

10:27:45.0755 4944 Wdf01000 - ok

10:27:45.0770 4944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

10:27:45.0772 4944 WdiServiceHost - ok

10:27:45.0776 4944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

10:27:45.0778 4944 WdiSystemHost - ok

10:27:45.0800 4944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

10:27:45.0805 4944 WebClient - ok

10:27:45.0811 4944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

10:27:45.0815 4944 Wecsvc - ok

10:27:45.0829 4944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

10:27:45.0831 4944 wercplsupport - ok

10:27:45.0855 4944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

10:27:45.0858 4944 WerSvc - ok

10:27:45.0870 4944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

10:27:45.0872 4944 WfpLwf - ok

10:27:45.0883 4944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

10:27:45.0884 4944 WIMMount - ok

10:27:45.0890 4944 WinDefend - ok

10:27:45.0895 4944 WinHttpAutoProxySvc - ok

10:27:45.0938 4944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

10:27:45.0939 4944 Winmgmt - ok

10:27:46.0000 4944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

10:27:46.0030 4944 WinRM - ok

10:27:46.0062 4944 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

10:27:46.0063 4944 WinUsb - ok

10:27:46.0109 4944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

10:27:46.0115 4944 Wlansvc - ok

10:27:46.0135 4944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

10:27:46.0137 4944 WmiAcpi - ok

10:27:46.0148 4944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

10:27:46.0151 4944 wmiApSrv - ok

10:27:46.0173 4944 WMPNetworkSvc - ok

10:27:46.0197 4944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

10:27:46.0201 4944 WPCSvc - ok

10:27:46.0229 4944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

10:27:46.0231 4944 WPDBusEnum - ok

10:27:46.0247 4944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

10:27:46.0249 4944 ws2ifsl - ok

10:27:46.0260 4944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

10:27:46.0262 4944 wscsvc - ok

10:27:46.0266 4944 WSearch - ok

10:27:46.0321 4944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

10:27:46.0346 4944 wuauserv - ok

10:27:46.0390 4944 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

10:27:46.0391 4944 WudfPf - ok

10:27:46.0420 4944 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

10:27:46.0423 4944 WUDFRd - ok

10:27:46.0449 4944 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

10:27:46.0452 4944 wudfsvc - ok

10:27:46.0459 4944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

10:27:46.0464 4944 WwanSvc - ok

10:27:46.0480 4944 ================ Scan global ===============================

10:27:46.0496 4944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

10:27:46.0523 4944 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

10:27:46.0529 4944 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

10:27:46.0546 4944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

10:27:46.0560 4944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

10:27:46.0562 4944 [Global] - ok

10:27:46.0563 4944 ================ Scan MBR ==================================

10:27:46.0567 4944 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

10:27:46.0568 4944 Suspicious mbr (Forged): \Device\Harddisk0\DR0

10:27:46.0599 4944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

10:27:46.0599 4944 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

10:27:46.0632 4944 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:27:46.0632 4944 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:27:46.0638 4944 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

10:27:46.0783 4944 \Device\Harddisk1\DR1 - ok

10:27:46.0784 4944 ================ Scan VBR ==================================

10:27:46.0786 4944 [ 2C66415C5AAF4B5CDDA8DE6B2526AAC1 ] \Device\Harddisk0\DR0\Partition1

10:27:46.0788 4944 \Device\Harddisk0\DR0\Partition1 - ok

10:27:46.0827 4944 [ F0CDAB99E5818F63A89510A30EE5287B ] \Device\Harddisk0\DR0\Partition2

10:27:46.0829 4944 \Device\Harddisk0\DR0\Partition2 - ok

10:27:46.0845 4944 [ 865D571370178CE90E9C96FBF1A29D96 ] \Device\Harddisk0\DR0\Partition3

10:27:46.0846 4944 \Device\Harddisk0\DR0\Partition3 - ok

10:27:46.0850 4944 [ 027F1A4A8F200C48F9BDC2F3F2AB6A23 ] \Device\Harddisk1\DR1\Partition1

10:27:46.0851 4944 \Device\Harddisk1\DR1\Partition1 - ok

10:27:46.0851 4944 ============================================================

10:27:46.0851 4944 Scan finished

10:27:46.0851 4944 ============================================================

10:27:46.0857 6860 Detected object count: 2

10:27:46.0857 6860 Actual detected object count: 2

10:28:19.0424 6860 \Device\Harddisk0\DR0\# - copied to quarantine

10:28:19.0426 6860 \Device\Harddisk0\DR0 - copied to quarantine

10:28:19.0475 6860 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

10:28:19.0478 6860 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

10:28:19.0490 6860 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

10:28:19.0498 6860 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

10:28:19.0501 6860 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

10:28:19.0503 6860 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

10:28:19.0505 6860 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

10:28:19.0509 6860 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

10:28:19.0512 6860 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

10:28:19.0515 6860 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

10:28:19.0517 6860 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

10:28:19.0519 6860 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

10:28:19.0541 6860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

10:28:19.0564 6860 \Device\Harddisk0\DR0 - ok

10:28:19.0567 6860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

10:28:19.0568 6860 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:28:19.0568 6860 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:28:27.0395 5300 Deinitialize success

10:30:05.0312 2828 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

10:30:05.0515 2828 ============================================================

10:30:05.0515 2828 Current date / time: 2013/03/01 10:30:05.0515

10:30:05.0515 2828 SystemInfo:

10:30:05.0515 2828

10:30:05.0515 2828 OS Version: 6.1.7601 ServicePack: 1.0

10:30:05.0515 2828 Product type: Workstation

10:30:05.0515 2828 ComputerName: HAVEN

10:30:05.0515 2828 UserName: Hellfire

10:30:05.0515 2828 Windows directory: C:\Windows

10:30:05.0515 2828 System windows directory: C:\Windows

10:30:05.0515 2828 Running under WOW64

10:30:05.0515 2828 Processor architecture: Intel x64

10:30:05.0515 2828 Number of processors: 8

10:30:05.0515 2828 Page size: 0x1000

10:30:05.0515 2828 Boot type: Normal boot

10:30:05.0515 2828 ============================================================

10:30:07.0465 2828 BG loaded

10:30:07.0730 2828 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

10:30:07.0730 2828 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:30:07.0746 2828 ============================================================

10:30:07.0746 2828 \Device\Harddisk0\DR0:

10:30:07.0746 2828 MBR partitions:

10:30:07.0746 2828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:30:07.0746 2828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6175800

10:30:07.0746 2828 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x186A0000

10:30:07.0746 2828 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1E848000, BlocksNum 0x38CFD800

10:30:07.0746 2828 \Device\Harddisk1\DR1:

10:30:07.0746 2828 MBR partitions:

10:30:07.0746 2828 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0

10:30:07.0746 2828 ============================================================

10:30:07.0792 2828 C: <-> \Device\Harddisk0\DR0\Partition2

10:30:07.0824 2828 D: <-> \Device\Harddisk0\DR0\Partition3

10:30:07.0870 2828 E: <-> \Device\Harddisk0\DR0\Partition4

10:30:07.0870 2828 ============================================================

10:30:07.0870 2828 Initialize success

10:30:07.0870 2828 ============================================================

10:30:33.0088 2248 Deinitialize success


  • Staff

Please run the following

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-03-01.01 - Hellfire 03/01/2013 12:31:51.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4385 [GMT -8:00]

Running from: c:\users\Hellfire\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\3C06.tmp

c:\programdata\Microsoft\Windows\DRM\3C07.tmp

c:\users\Hellfire\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll

c:\users\Hellfire\AppData\Local\Temp\jna7010444426362411613.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-02-01 to 2013-03-01 )))))))))))))))))))))))))))))))

.

.

2013-03-01 20:35 . 2013-03-01 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-01 18:28 . 2013-03-01 18:28 -------- d-----w- C:\TDSSKiller_Quarantine

2013-03-01 06:23 . 2013-03-01 06:23 -------- d-----w- C:\FRST

2013-02-28 22:14 . 2013-02-28 22:14 -------- d-----w- c:\program files (x86)\Seagate

2013-02-28 22:13 . 2013-02-28 22:13 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-02-28 00:46 . 2013-02-28 00:46 -------- d-----w- c:\users\Hellfire\AppData\Local\Avg2013

2013-02-28 00:46 . 2013-02-28 01:24 -------- d-----w- c:\programdata\MFAData

2013-02-28 00:46 . 2013-02-28 00:46 -------- d-----w- c:\users\Hellfire\AppData\Local\MFAData

2013-02-27 19:56 . 2013-02-27 19:56 -------- d-----w- c:\users\Hellfire\AppData\Roaming\Malwarebytes

2013-02-27 19:56 . 2013-02-27 19:56 -------- d-----w- c:\programdata\Malwarebytes

2013-02-27 19:56 . 2013-02-27 19:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-27 19:56 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-27 11:21 . 2013-02-27 11:21 -------- d-----w- c:\users\Hellfire\AppData\Local\AVG Secure Search

2013-02-27 03:02 . 2013-02-27 03:02 -------- d-----w- c:\users\Hellfire\AppData\Local\AVG SafeGuard toolbar

2013-02-27 03:01 . 2013-02-27 03:01 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-02-27 03:01 . 2013-02-27 03:01 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2013-02-27 03:01 . 2013-02-27 03:01 -------- d--h--w- c:\programdata\Common Files

2013-02-27 03:01 . 2013-02-27 03:02 -------- d-----w- c:\program files (x86)\PowerISO

2013-02-27 03:01 . 2013-01-27 13:35 127384 ----a-w- c:\windows\system32\drivers\scdemu.sys

2013-02-27 01:33 . 2013-02-27 02:04 -------- d-----w- c:\windows\system32\drivers\NISx64\1403000.024

2013-02-15 06:14 . 2013-02-15 06:14 -------- d-----w- c:\program files (x86)\The Promised Land

2013-02-15 05:20 . 2013-02-15 05:20 -------- d-----w- c:\users\Hellfire\AppData\Roaming\EPubMetadataEditor

2013-02-15 05:13 . 2013-02-15 05:13 -------- d-----w- c:\users\Hellfire\AppData\Local\Programs

2013-02-14 21:41 . 2013-02-14 21:45 -------- d-----w- c:\programdata\Big Fish Games

2013-02-14 21:18 . 2013-02-14 21:18 -------- d-----w- c:\users\Hellfire\AppData\Roaming\Boolat Games

2013-02-14 20:54 . 2013-02-14 20:54 -------- d-----w- c:\windows\The Promised Land

2013-02-13 11:01 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 11:01 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 09:28 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 09:28 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 09:28 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 09:28 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 09:28 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 09:28 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 09:28 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 09:28 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 09:28 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 09:28 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 09:28 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 09:28 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-11 04:53 . 2013-02-11 04:53 -------- d-----w- c:\programdata\Belkin

2013-02-10 06:49 . 2013-02-10 06:49 -------- d-----w- c:\users\Hellfire\AppData\Roaming\Lonely Troops

2013-02-10 06:44 . 2013-02-10 06:44 -------- d-----w- c:\users\Hellfire\AppData\Roaming\PlayFirst

2013-02-10 06:44 . 2013-02-10 06:44 -------- d-----w- c:\programdata\PlayFirst

2013-02-10 06:41 . 2013-02-10 06:41 -------- d-----w- c:\program files (x86)\ReflexiveArcade

2013-02-05 08:13 . 2013-02-05 08:14 -------- d-----w- c:\users\Hellfire\AppData\Local\TERA

2013-02-03 23:28 . 2012-09-07 02:05 43680 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2013-02-02 11:18 . 2013-02-02 11:18 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-02-02 11:18 . 2013-02-02 11:18 -------- d-----r- c:\program files (x86)\Skype

2013-02-01 06:28 . 2013-02-01 06:40 -------- d-----w- c:\users\Hellfire\dwhelper

2013-02-01 01:53 . 2012-11-09 08:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-02-01 01:22 . 2013-02-01 01:22 -------- d-----w- c:\users\Hellfire\AppData\Local\Macromedia

2013-02-01 01:17 . 2013-02-01 01:17 -------- d-----w- c:\users\Hellfire\AppData\Local\Mozilla

2013-02-01 01:17 . 2013-02-10 06:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-02-01 00:41 . 2013-02-01 00:41 -------- d-----w- c:\windows\SysWow64\Adobe

2013-02-01 00:25 . 2013-02-27 00:24 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-01 00:25 . 2013-02-27 00:24 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-13 11:04 . 2012-11-06 07:27 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-04 04:43 . 2013-02-13 09:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-21 22:18 . 2012-12-04 02:55 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-21 22:18 . 2012-11-07 19:46 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-21 21:30 . 2012-11-07 19:46 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-19 23:45 . 2012-12-19 23:45 222720 ----a-w- c:\windows\system32\clinfo.exe

2012-12-19 23:44 . 2012-12-19 23:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-12-19 23:44 . 2012-12-19 23:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-12-19 23:44 . 2012-12-19 23:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2012-12-19 23:44 . 2012-12-19 23:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-12-19 23:44 . 2012-12-19 23:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll

2012-12-19 23:38 . 2012-12-19 23:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-12-19 23:34 . 2012-12-19 23:34 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-19 23:34 . 2012-12-19 23:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-12-19 20:50 . 2012-09-28 02:23 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll

2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll

2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-12-19 20:09 . 2012-09-28 01:43 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-12-19 20:08 . 2012-09-28 01:41 1151488 ----a-w- c:\windows\system32\aticfx64.dll

2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-12-19 19:59 . 2012-09-28 01:31 5087744 ----a-w- c:\windows\system32\atiumd6a.dll

2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe

2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe

2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-12-19 19:49 . 2012-09-28 01:22 7370752 ----a-w- c:\windows\system32\atidxx64.dll

2012-12-19 19:44 . 2012-09-28 01:22 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-12-19 19:44 . 2012-09-28 01:25 6786560 ----a-w- c:\windows\system32\atiumd64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-12-19 19:31 . 2012-09-28 01:11 130048 ----a-w- c:\windows\system32\atiuxp64.dll

2012-12-19 19:31 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-12-19 19:31 . 2012-09-28 01:11 104448 ----a-w- c:\windows\system32\atiu9p64.dll

2012-12-19 19:30 . 2012-09-28 01:10 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-12-16 17:11 . 2012-12-22 11:00 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 11:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-09 03:59 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 03:59 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 03:59 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 03:59 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 03:59 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 03:59 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 03:59 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 03:59 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 03:59 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 03:59 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 03:59 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 03:59 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 03:59 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 03:59 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 03:59 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 03:59 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 03:59 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 03:59 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 03:59 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 03:59 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 03:59 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 03:59 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 03:59 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 03:59 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 03:59 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 03:59 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 03:59 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 03:59 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 03:59 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 03:59 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 03:59 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 03:59 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-12-04 02:52 . 2012-11-07 19:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\steam\Steam.exe" [2013-02-25 1602984]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-02-23 1885088]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-01-27 337432]

.

c:\users\Hellfire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-11-6 0]

Dropbox.lnk - c:\users\Hellfire\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

Minecraft Server.lnk - c:\users\Hellfire\AppData\Roaming\.minecraft\Multiplayer\Server.bat [2012-11-5 52]

PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2012-11-6 432785]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-06 1255736]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-27 39768]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130228.001\IDSvia64.sys [2012-11-03 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-27 968880]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 00:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hellfire\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://us.blizzard.com/en-us/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\

FF - prefs.js: browser.startup.homepage - hxxp://us.blizzard.com/en-us/

FF - ExtSQL: 2013-01-31 09:43; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn

FF - ExtSQL: 2013-01-31 17:08; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn

FF - ExtSQL: 2013-01-31 22:19; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-10394975.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2013-03-01 12:41:20 - machine was rebooted

ComboFix-quarantined-files.txt 2013-03-01 20:41

.

Pre-Run: 11,912,286,208 bytes free

Post-Run: 11,841,437,696 bytes free

.

- - End Of File - - 017F9E6613EAB70CFA2549C16022E301


  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.6 (02.27.2013:1)

OS: Windows 7 Home Premium x64

Ran by Hellfire on Fri 03/01/2013 at 16:54:45.18

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Successfully deleted: [Registry Key] hkey_current_user\software\ilivid

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetup_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetup_rasmancs

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\Hellfire\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Hellfire\AppData\Roaming\strongvault"

Successfully deleted: [Folder] "C:\Users\Hellfire\appdata\local\stronghold_llc"

Successfully deleted: [Folder] "C:\Users\Hellfire\appdata\local\strongvault online backup"

Successfully deleted: [Folder] "C:\Users\Hellfire\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\Hellfire\AppData\Roaming\mozilla\firefox\profiles\g1ijgwmp.default\extensions\tvvevltncl@tvvevltncl.org.xpi [Tracur]

Successfully deleted: [Folder] C:\Users\Hellfire\AppData\Roaming\mozilla\firefox\profiles\g1ijgwmp.default\extensions\staged

Emptied folder: C:\Users\Hellfire\AppData\Roaming\mozilla\firefox\profiles\g1ijgwmp.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 03/01/2013 at 17:02:02.59

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.113 - Logfile created 03/01/2013 at 17:05:40

# Updated 23/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Hellfire - HAVEN

# Boot Mode : Normal

# Running from : C:\Users\Hellfire\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Hellfire\AppData\Local\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\fededee73fb940

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Hellfire\AppData\Roaming\Mozilla\Firefox\Profiles\g1ijgwmp.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3535 octets] - [01/03/2013 17:05:40]

########## EOF - C:\AdwCleaner[s1].txt - [3595 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.01.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hellfire :: HAVEN [administrator]

Protection: Enabled

3/1/2013 5:11:41 PM

mbam-log-2013-03-01 (17-11-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210185

Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\3C06.tmp.vir Win64/Olmarik.AR trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\3C07.tmp.vir Win64/Olmarik.AR trojan

C:\TDSSKiller_Quarantine\01.03.2013_10.27.11\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan

C:\TDSSKiller_Quarantine\01.03.2013_10.27.11\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.SV trojan


  • Staff

The items found by ESET are already in quarantine. You can delete the TDSSKiller quarantine if you wish; the Qoobox folder will then be removed once ComboFix is uninstalled, when we do the cleanup of the tools at the end.

Your Java is out of date:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features to make certain there are no old versions of Java still installed, if there are - remove them.

Please let me know if there are any outstanding issues


Java is updated, thanks for the info.

Comp is working better other than having issues starting up; it will sometimes hang and not finish loading the desktop. Looks like whatever was on my comp is gone, but it may have done too much damage. Was trying to avoid having to do a reinstall of Windows, but at least I can limp along till I have the free time to do it.

Thank you much for the assistance


  • Staff

Try this:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check


Once that is done then go to step 3 and allow it to run SFC


On the Start Repairs tab => Click the Start


Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know if that helps


Wow, that appears to have done it; multiple reboots and it's working fine. Thank you so much, this is way above and beyond what I would expect from free support.

So why doesn't Norton catch this sort of thing? And how well does Malwarebytes cover what Norton doesn't?


  • Staff

These types of infections are specifically designed to thwart antivirus products. There isn't an antivirus out there that can catch everything, unfortunately. Malwarebytes is an entirely different product; it is designed as an antimalware product, to work hand in hand with your antivirus (the Pro version is well worth it).

We just have some housekeeping to do now:

You can delete the DDS, JRT, FRST and TDSSKiller logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.