
Solved Malware saying I have a trojan

Discussion in 'Malware and Virus Removal Archive' started by Jubis, 2012/11/02.

  1. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    [Resolved] Malware saying I have a trojan

    Hello, I share my computer with a woman and her son and something is kinda funky. I don't know what is really going on with it, other than Malwarebytes Anti-Malware keeps detecting a malicious process from attempting to start, called "C:\Windows\svchost.exe Trojan.Agent"
    I've run a scan and "removed it" but it keeps coming up. My internet has been weird too, redirecting me. When I search something on Google and click a link, it redirects me to a search thing.


    I will post the logs in my next reply.

    Thank you,
    Nick
     
  2. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.02.11

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Nick :: PRODIGGITY-PC [administrator]

    Protection: Enabled

    11/2/2012 5:32:38 PM
    mbam-log-2012-11-02 (17-32-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 254704
    Time elapsed: 6 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Users\Michele\AppData\Local\Temp\0.28433128438296273 (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\Users\Michele\AppData\Local\Temp\0.5250230860442989 (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\Users\Michele\AppData\Local\Temp\0.8236657277855762 (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     

  4. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-11-02 18:00:23
    Windows 6.1.7600
    Running: ge7h42js.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3F 0x2E 0xD3 0x19 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAF 0x2F 0x5B 0xDB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x37 0xE3 0x46 0x7D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xFC 0x1B 0xAD ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3F 0x2E 0xD3 0x19 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAF 0x2F 0x5B 0xDB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x37 0xE3 0x46 0x7D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xFC 0x1B 0xAD ...

    ---- EOF - GMER 1.0.15 ----
     
  5. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-02 18:06:05
    -----------------------------
    18:06:05.540 OS Version: Windows x64 6.1.7600
    18:06:05.540 Number of processors: 2 586 0x170A
    18:06:05.540 ComputerName: PRODIGGITY-PC UserName: Nick
    18:06:09.113 Initialize success
    18:06:21.823 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5
    18:06:21.823 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
    18:06:21.823 Device \Driver\atapi -> MajorFunction fffffa8004d025e8
    18:06:21.838 Disk 0 MBR read successfully
    18:06:21.838 Disk 0 MBR scan
    18:06:21.838 Disk 0 Windows 7 default MBR code
    18:06:21.838 Disk 0 MBR hidden
    18:06:21.854 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:06:21.854 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    18:06:21.870 Disk 0 scanning C:\Windows\system32\drivers
    18:06:27.595 Service scanning
    18:06:38.172 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    18:06:41.728 Modules scanning
    18:06:41.728 Disk 0 trace - called modules:
    18:06:42.212 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004d025e8]<<
    18:06:42.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004934060]
    18:06:42.228 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004421520]
    18:06:42.228 5 ACPI.sys[fffff8800103a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa800441e060]
    18:06:42.228 \Driver\atapi[0xfffffa8004c73550] -> IRP_MJ_CREATE -> 0xfffffa8004d025e8
    18:06:42.243 Scan finished successfully
    18:06:50.995 Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\MBR.dat "
    18:06:50.995 The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt "
     
  6. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
    Run by Nick at 18:07:32 on 2012-11-02
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2503 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ASUS.SYS\config\DVMExportService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Windows\SysWOW64\cchservice.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
    C:\Program Files (x86)\Razer\Habu\razerhid.exe
    C:\Program Files (x86)\UVC Video Camera\UVCSti.exe
    C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
    C:\Program Files (x86)\QuickTime\QTTask.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Razer\Habu\razerofa.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com?o=15153&l=dis
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [CCWinTray] C:\Windows\tray\wintmr.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe "
    mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe "
    mRun: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe "
    mRun: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe
    mRun: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe "
    mRun: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe "
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe
    dRun: [CCWinTray] C:\Windows\tray\wintmr.exe
    dRun: [HP] rundll32.exe "C:\Users\Michele\AppData\Local\Microsoft\HP\gfomgoj.dll ",VisioLibMainW
    StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: RestrictRun = dword:0
    uPolicies-System: DisableClock = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2D451168-4286-4A0A-8396-E84C24A2B869} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6F26192A-DD8A-4523-A273-BC17B6634610} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6F26192A-DD8A-4523-A273-BC17B6634610}\130393027516272756E6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6F26192A-DD8A-4523-A273-BC17B6634610}\46C696E6B6 : DHCPNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\{f8946e7d-99a3-4100-a357-62b283b3fb4e}\components\FFExternalAlert.dll
    FF - component: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\{f8946e7d-99a3-4100-a357-62b283b3fb4e}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: !HIDDEN! 2010-05-02 17:17; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-7-17 319488]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-2 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-2 676936]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-8-12 126392]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-3-15 26624]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-19 3027840]
    R3 Cam3820;Cam3820 PC Camera Driver;C:\Windows\System32\drivers\cam3820a.sys [2008-5-20 280064]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-7 25928]
    R3 rt61x64;Gigabyte RT61 Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr6164.sys [2010-3-24 476160]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-15 215040]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-15 1235968]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-28 136176]
    S2 ksupmgr;File-/Update Service;C:\Windows\SysWOW64\ksupmgr.exe [2012-7-21 765592]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-28 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 115168]
    S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-7-24 38912]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-15 43008]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2010-3-15 24064]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-15 43008]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    .
    =============== Created Last 30 ================
    .
    2012-11-02 21:42:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB19792F-9D22-41BA-9808-E19A0ACA5095}\offreg.dll
    2012-11-02 21:41:31 20480 ----a-w- C:\Windows\svchost.exe
    2012-10-25 22:24:46 2596800 ----a-w- C:\Windows\SysWow64\ccsync.exe
    2012-10-25 22:24:46 244680 ----a-w- C:\Windows\SysWow64\wdrvhook.dll
    2012-10-24 21:57:19 -------- d-----w- C:\Windows\tray
    2012-10-24 21:57:19 -------- d-----w- C:\Windows\SysWow64\cc32
    2012-10-24 21:57:17 62088 ----a-w- C:\Windows\SysWow64\ccinj64.sys
    2012-10-24 21:57:17 44968 ----a-w- C:\Windows\SysWow64\ccinj32.sys
    2012-10-24 21:57:17 387320 ----a-w- C:\Windows\SysWow64\dllcin64.exe
    2012-10-24 21:57:17 299288 ----a-w- C:\Windows\SysWow64\dllcin32.exe
    2012-10-24 21:57:14 -------- d-----w- C:\Windows\SysWow64\scurl
    2012-10-24 21:57:13 -------- d-----w- C:\Windows\SysWow64\wdrv
    .
    ==================== Find3M ====================
    .
    2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 18:07:54.63 ===============
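    The logs above are worth reading with a few fixed rules in mind rather than entry by entry: svchost.exe only ever runs from System32 or SysWOW64, so C:\Windows\svchost.exe is wrong by location alone; autorun entries pointing into C:\Windows\tray, C:\Windows\SysWOW64\cc32 or a user's AppData folder are the persistence that keeps re-creating it; EnableLUA = 0 means UAC is off; and a third-party service whose image sits directly in SysWOW64 needs a publisher check. The script below is an added example, not something from the thread or from the DDS tool, that runs those checks over DDS-style lines. The input is a constructed excerpt modelled on the posted log (not the full log), the regexes assume the DDS line formats shown above, and the service rule is a heuristic that produces leads to verify, not verdicts.

```python
"""Triage a DDS-style log excerpt for the indicators seen in this thread."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed excerpt in the format DDS uses; entries mirror the ones posted
# in the thread, but this is sample input, not the full log.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [CCWinTray] C:\Windows\tray\wintmr.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
mRun: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe
dRun: [HP] rundll32.exe "C:\Users\Michele\AppData\Local\Microsoft\HP\gfomgoj.dll ",VisioLibMainW
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-19 3027840]
S2 ksupmgr;File-/Update Service;C:\Windows\SysWOW64\ksupmgr.exe [2012-7-21 765592]
2012-11-02 21:41:31 20480 ----a-w- C:\Windows\svchost.exe
2012-10-24 21:57:19 -------- d-----w- C:\Windows\tray
"""

# The only two directories a genuine svchost.exe runs from.
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# Roots under which autorun targets and service images normally live.
PROGRAM_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

PATH_RE = re.compile(r'[a-z]:\\[^"\[\],]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-System: (?P<key>\w+) = dword:(?P<val>\d+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?) \[")


def windows_paths(text: str) -> list[str]:
    """Extract every drive-letter path to an .exe/.dll/.sys from one log line."""
    return [m.group(0) for m in PATH_RE.finditer(text)]


def location_verdict(path: str) -> str | None:
    """Reason a program at this path deserves a look, or None if the location is ordinary."""
    low = path.lower()
    parent = str(PureWindowsPath(low).parent)
    if "\\appdata\\" in low or "\\temp\\" in low:
        return "runs from a user profile or temp directory"
    if parent in SYSTEM_DIRS or low.startswith(PROGRAM_ROOTS):
        return None
    if low.startswith("c:\\windows\\"):
        return "runs from a non-standard directory under C:\\Windows"
    return "runs from outside Program Files and the system directories"


def triage(log_text: str) -> list[tuple[str, str]]:
    """Run every rule over each line; returns (rule, detail) pairs in log order."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Rule 1: svchost.exe anywhere but System32/SysWOW64 is an impostor by location.
        for path in windows_paths(line):
            p = PureWindowsPath(path.lower())
            if p.name == "svchost.exe" and str(p.parent) not in SYSTEM_DIRS:
                findings.append(("svchost-outside-system-dir", path))
        # Rule 2: uRun/mRun/dRun entries whose target lives somewhere odd.
        m = AUTORUN_RE.match(line)
        if m:
            for path in windows_paths(m["cmd"]):
                why = location_verdict(path)
                if why:
                    findings.append(("suspicious-autorun", f"[{m['name']}] {path}: {why}"))
            continue
        # Rule 3: UAC switched off entirely.
        m = POLICY_RE.match(line)
        if m and m["key"] == "EnableLUA" and m["val"] == "0":
            findings.append(("uac-disabled", line))
            continue
        # Rule 4: DDS lists non-Microsoft services; an image dropped straight into a
        # system directory (not drivers\) is a lead for a publisher/signature check.
        m = SERVICE_RE.match(line)
        if m:
            image = m["image"].strip().strip('"')
            why = location_verdict(image)
            if why:
                findings.append(("suspicious-service", f"{m['name']}: {why}"))
            elif str(PureWindowsPath(image.lower()).parent) in SYSTEM_DIRS:
                findings.append(("service-in-system-dir", f"{m['name']} ({m['desc']}) -> {image}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

    Run against the sample it reports six findings: the three autorun entries (wintmr.exe, webtmr.exe, the rundll32 DLL under AppData), UAC disabled, the ksupmgr service in SysWOW64, and C:\Windows\svchost.exe from the "Created Last 30" section. The genuine svchost -k lines and the Steam, iTunes and TeamViewer entries produce nothing, which is the point: the rules key on location, not on names, so renaming the dropper does not hide it.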
     
  7. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/16/2010 5:27:00 AM
    System Uptime: 11/2/2012 5:40:08 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5QL/EPU
    Processor: Pentium(R) Dual-Core CPU E6500 @ 2.93GHz | LGA775 | 2932/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 140.513 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP137: 8/3/2012 11:38:52 AM - Scheduled Checkpoint
    RP138: 10/24/2012 7:51:57 PM - Scheduled Checkpoint
    RP139: 11/1/2012 9:00:44 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    18 Wheels of Steel: American Long Haul
    64 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin 64-bit
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    AI Suite
    AIM 6.0
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUSUpdate
    Bonjour
    BufferChm
    Call of Duty: World at War
    Child Control
    Copy
    Counter-Strike
    Counter-Strike: Source
    Data Lifeguard Diagnostic for Windows 1.24
    Day of Defeat
    Destinations
    DeviceDiscovery
    Diablo II
    Diablo III
    Diagnostic Utility
    DJ_AIO_05_F4400_Software_Min
    Download Updater (AOL LLC)
    EVGA Precision 1.8.1
    Express Gate
    F4400
    Finale 2011
    Gigabyte Wireless LAN Card
    Google Chrome
    Google Update Helper
    GPBaseService2
    Grand Theft Auto: San Andreas
    HP Customer Participation Program 13.0
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Insaniquarium Deluxe 1.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    LEGO Universe
    Malwarebytes Anti-Malware version 1.65.1.1000
    MarketResearch
    MegaSceneryX Las Vegas
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Flight Simulator X Service Pack 2
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 Parser and SDK
    Norton PC Checkup
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    PC Probe II
    Platform
    PunkBuster Services
    PVSonyDll
    QuickTime
    Razer Habu Config
    Razer Lycosa
    Realtek 8136 8168 8169 Ethernet Driver
    ResumeMaker Professional
    ROBLOX Player
    ROBLOX Studio
    Scan
    Shop for HP Supplies
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    StarCraft II
    Status
    Steam
    TeamViewer 7
    Toolbox
    Touchstone Installer
    TrayApp
    Turok
    UVC Video Camera
    Ventrilo Client for Windows x64
    VIA Platform Device Manager
    Viewpoint Media Player
    Virtual Sailor 7
    VLC media player 1.0.5
    WebReg
    WinRAR 4.00 beta 3 (64-bit)
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/2/2012 5:30:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f6e50a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110212-16770-01.
    10/28/2012 7:58:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    10/28/2012 7:58:46 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  8. 2012/11/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================

    You abandoned this topic in the past: http://www.windowsbbs.com/malware-virus-removal/94935-inactive-wont-let-me-do-anything.html
    If it happens again you won't be eligible to receive any more help in the malware removal forum.

    On top of it, you're not running any AV program.
    This is not your first visit to the malware removal forum and you should know that having some AV program is a must.
    The very same thing is stated in the forum preliminaries, which means you didn't read them carefully.

    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    Next....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
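    Added example (not part of this thread, and not Kaspersky's code): a small Python parser for the TDSSKiller_xxxx_log.txt that the steps above produce. It pairs each "[ MD5 ] ServiceName Path" line of the "Scan services" section with its "ServiceName - ok" verdict line, then flags two things a helper looks for first: any verdict other than "ok", and a protected system-binary name (svchost.exe, lsass.exe, ...) whose image path is outside System32/SysWOW64, which is exactly the C:\Windows\svchost.exe pattern reported at the top of this thread. The sample report embedded in the script is constructed: its first lines are copied from the log posted later in this thread, the last two (service "FakeHostSvc", all-zero hash) are made up for the demonstration, and the SYSTEM_BINARIES list is illustrative rather than exhaustive.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# CONSTRUCTED sample report. The first seven lines are copied from the
# TDSSKiller output pasted in this thread; the last two are made up
# (hypothetical service "FakeHostSvc", all-zero hash) to show how a file
# using a system-binary name outside System32 appears in the same format.
SAMPLE_LOG = r"""
22:15:55.0104 5240 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:15:55.0106 5240 1394ohci - ok
22:15:55.0755 5240 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:15:55.0756 5240 Apple Mobile Device - ok
22:15:57.0545 5240 COMSysApp - ok
22:15:58.0635 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
22:15:58.0638 5240 EFS - ok
22:16:02.0001 5240 [ 00000000000000000000000000000000 ] FakeHostSvc C:\Windows\svchost.exe
22:16:02.0003 5240 FakeHostSvc - ok
"""

# "<time> <pid> [ <MD5> ] <service name> <image path>"; the name may contain
# spaces, so it is matched lazily up to the first token that looks like a
# drive-letter path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<time> <pid> <service name> - <verdict>" (verdict is "ok" for clean items)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)

# Binaries Windows ships only under System32/SysWOW64. The same file name
# anywhere else (the thread's C:\Windows\svchost.exe) is a masquerade.
# Illustrative list, not exhaustive.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "wininit.exe", "smss.exe", "spoolsv.exe"}
LEGIT_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None for entries the tool lists without a file
    path: Optional[str] = None
    verdict: Optional[str] = None


def service_section(lines: List[str]) -> List[str]:
    """Keep only the '================ Scan services' section of a full report.
    A pasted excerpt without that header is used as-is."""
    start = next((i + 1 for i, l in enumerate(lines) if "Scan services" in l), 0)
    out = []
    for line in lines[start:]:
        if start and re.search(r"\d+\s+=+ Scan ", line):  # next section header
            break
        out.append(line)
    return out


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Pair each service's file line with its verdict line, keyed by name."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in service_section(text.splitlines()):
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = ServiceEntry(m["name"], m["md5"].upper(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], ServiceEntry(m["name"])).verdict = m["verdict"]
    return entries


def is_masquerading(path: str) -> bool:
    """True when a protected system-binary name sits outside System32/SysWOW64.
    ntpath.normpath collapses tricks such as System32\\..\\svchost.exe first."""
    p = ntpath.normpath(path).lower()
    name = p.rsplit("\\", 1)[-1]
    return name in SYSTEM_BINARIES and not any(d in p for d in LEGIT_DIRS)


def triage(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Findings worth a second look: non-'ok' verdicts and masquerading paths."""
    findings = []
    for e in entries.values():
        if e.verdict is not None and e.verdict != "ok":
            findings.append(f"{e.name}: TDSSKiller verdict '{e.verdict}'")
        if e.path and is_masquerading(e.path):
            findings.append(f"{e.name}: system binary name outside System32/SysWOW64: {e.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(finding)
```

    To use it on a real report, read the whole TDSSKiller_xxxx_log.txt into a string and pass it to parse_tdsskiller(); service_section() picks out the services block so the drive and partition lines near the top are not mistaken for verdicts. A hit from triage() is a pointer for whoever is helping, not a verdict: a matching hash still has to be checked, and TDSSKiller's own "ok" only means it found nothing, not that the file is clean.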
     
  9. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    In response to your last message, I am currently downloading those and will be running them straight away, but I wanted to take a minute to apologize. I ended up being gifted a brand new laptop because school was just starting and I had told my parents about the problems I'd been having. I should have come on here to let you know, and it was really rude and disrespectful that I didn't think to do that. I sincerely apologize and hope you can understand. I can say that it will not happen again.

    Yours,
    Nick
     
  10. 2012/11/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Apology accepted :)
     
  11. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    So my results are.. I ran Avast! and it came up with two files. I chose the delete option. It said that it was successful. I will post the log from the second scan in my next reply.
     
  12. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    22:15:48.0243 6044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    22:15:48.0541 6044 ============================================================
    22:15:48.0541 6044 Current date / time: 2012/11/02 22:15:48.0541
    22:15:48.0541 6044 SystemInfo:
    22:15:48.0541 6044
    22:15:48.0542 6044 OS Version: 6.1.7600 ServicePack: 0.0
    22:15:48.0542 6044 Product type: Workstation
    22:15:48.0542 6044 ComputerName: PRODIGGITY-PC
    22:15:48.0542 6044 UserName: Nick
    22:15:48.0542 6044 Windows directory: C:\Windows
    22:15:48.0542 6044 System windows directory: C:\Windows
    22:15:48.0542 6044 Running under WOW64
    22:15:48.0542 6044 Processor architecture: Intel x64
    22:15:48.0542 6044 Number of processors: 2
    22:15:48.0542 6044 Page size: 0x1000
    22:15:48.0542 6044 Boot type: Normal boot
    22:15:48.0542 6044 ============================================================
    22:15:49.0919 6044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
    22:15:49.0926 6044 ============================================================
    22:15:49.0926 6044 \Device\Harddisk0\DR0:
    22:15:49.0926 6044 MBR partitions:
    22:15:49.0926 6044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:15:49.0926 6044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
    22:15:49.0926 6044 ============================================================
    22:15:49.0945 6044 C: <-> \Device\Harddisk0\DR0\Partition2
    22:15:49.0945 6044 ============================================================
    22:15:49.0945 6044 Initialize success
    22:15:49.0945 6044 ============================================================
    22:15:53.0869 5240 ============================================================
    22:15:53.0869 5240 Scan started
    22:15:53.0869 5240 Mode: Manual;
    22:15:53.0869 5240 ============================================================
    22:15:54.0955 5240 ================ Scan system memory ========================
    22:15:54.0955 5240 System memory - ok
    22:15:54.0956 5240 ================ Scan services =============================
    22:15:55.0104 5240 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    22:15:55.0106 5240 1394ohci - ok
    22:15:55.0133 5240 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    22:15:55.0135 5240 ACPI - ok
    22:15:55.0157 5240 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    22:15:55.0159 5240 AcpiPmi - ok
    22:15:55.0248 5240 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:15:55.0249 5240 AdobeARMservice - ok
    22:15:55.0294 5240 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    22:15:55.0299 5240 adp94xx - ok
    22:15:55.0315 5240 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    22:15:55.0317 5240 adpahci - ok
    22:15:55.0335 5240 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    22:15:55.0338 5240 adpu320 - ok
    22:15:55.0366 5240 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:15:55.0368 5240 AeLookupSvc - ok
    22:15:55.0401 5240 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
    22:15:55.0405 5240 AFD - ok
    22:15:55.0433 5240 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    22:15:55.0435 5240 agp440 - ok
    22:15:55.0455 5240 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:15:55.0457 5240 ALG - ok
    22:15:55.0476 5240 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    22:15:55.0477 5240 aliide - ok
    22:15:55.0493 5240 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    22:15:55.0495 5240 amdide - ok
    22:15:55.0530 5240 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    22:15:55.0532 5240 AmdK8 - ok
    22:15:55.0551 5240 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    22:15:55.0553 5240 AmdPPM - ok
    22:15:55.0570 5240 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    22:15:55.0573 5240 amdsata - ok
    22:15:55.0591 5240 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    22:15:55.0594 5240 amdsbs - ok
    22:15:55.0609 5240 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    22:15:55.0611 5240 amdxata - ok
    22:15:55.0635 5240 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    22:15:55.0636 5240 AppID - ok
    22:15:55.0661 5240 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:15:55.0662 5240 AppIDSvc - ok
    22:15:55.0671 5240 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    22:15:55.0673 5240 Appinfo - ok
    22:15:55.0755 5240 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:15:55.0756 5240 Apple Mobile Device - ok
    22:15:55.0789 5240 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    22:15:55.0791 5240 AppMgmt - ok
    22:15:55.0815 5240 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    22:15:55.0817 5240 arc - ok
    22:15:55.0833 5240 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    22:15:55.0835 5240 arcsas - ok
    22:15:55.0905 5240 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
    22:15:55.0907 5240 AsIO - ok
    22:15:56.0009 5240 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    22:15:56.0011 5240 aspnet_state - ok
    22:15:56.0035 5240 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
    22:15:56.0036 5240 AsUpIO - ok
    22:15:56.0072 5240 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    22:15:56.0074 5240 aswFsBlk - ok
    22:15:56.0123 5240 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    22:15:56.0126 5240 aswMonFlt - ok
    22:15:56.0145 5240 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    22:15:56.0147 5240 aswRdr - ok
    22:15:56.0200 5240 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    22:15:56.0208 5240 aswSnx - ok
    22:15:56.0324 5240 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    22:15:56.0327 5240 aswSP - ok
    22:15:56.0366 5240 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    22:15:56.0367 5240 aswTdi - ok
    22:15:56.0403 5240 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:15:56.0404 5240 AsyncMac - ok
    22:15:56.0419 5240 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    22:15:56.0420 5240 atapi - ok
    22:15:56.0463 5240 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:15:56.0467 5240 AudioEndpointBuilder - ok
    22:15:56.0487 5240 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:15:56.0493 5240 AudioSrv - ok
    22:15:56.0604 5240 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    22:15:56.0605 5240 avast! Antivirus - ok
    22:15:56.0629 5240 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:15:56.0632 5240 AxInstSV - ok
    22:15:56.0673 5240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    22:15:56.0677 5240 b06bdrv - ok
    22:15:56.0712 5240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:15:56.0715 5240 b57nd60a - ok
    22:15:56.0745 5240 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:15:56.0747 5240 BDESVC - ok
    22:15:56.0765 5240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:15:56.0766 5240 Beep - ok
    22:15:56.0797 5240 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    22:15:56.0802 5240 BFE - ok
    22:15:56.0831 5240 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
    22:15:56.0839 5240 BITS - ok
    22:15:56.0856 5240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:15:56.0858 5240 blbdrive - ok
    22:15:56.0920 5240 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    22:15:56.0924 5240 Bonjour Service - ok
    22:15:56.0954 5240 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:15:56.0956 5240 bowser - ok
    22:15:56.0980 5240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    22:15:56.0982 5240 BrFiltLo - ok
    22:15:57.0000 5240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    22:15:57.0001 5240 BrFiltUp - ok
    22:15:57.0020 5240 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    22:15:57.0022 5240 Browser - ok
    22:15:57.0038 5240 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:15:57.0041 5240 Brserid - ok
    22:15:57.0047 5240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:15:57.0049 5240 BrSerWdm - ok
    22:15:57.0055 5240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:15:57.0056 5240 BrUsbMdm - ok
    22:15:57.0068 5240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:15:57.0070 5240 BrUsbSer - ok
    22:15:57.0094 5240 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    22:15:57.0096 5240 BTHMODEM - ok
    22:15:57.0129 5240 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:15:57.0132 5240 bthserv - ok
    22:15:57.0161 5240 [ F52E8D7DB1A546A75175D485795838BF ] Cam3820 C:\Windows\system32\Drivers\cam3820a.sys
    22:15:57.0163 5240 Cam3820 - ok
    22:15:57.0191 5240 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:15:57.0193 5240 cdfs - ok
    22:15:57.0209 5240 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:15:57.0211 5240 cdrom - ok
    22:15:57.0229 5240 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:15:57.0231 5240 CertPropSvc - ok
    22:15:57.0242 5240 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    22:15:57.0244 5240 circlass - ok
    22:15:57.0259 5240 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:15:57.0262 5240 CLFS - ok
    22:15:57.0303 5240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:15:57.0307 5240 clr_optimization_v2.0.50727_32 - ok
    22:15:57.0335 5240 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:15:57.0336 5240 clr_optimization_v2.0.50727_64 - ok
    22:15:57.0411 5240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:15:57.0413 5240 clr_optimization_v4.0.30319_32 - ok
    22:15:57.0427 5240 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:15:57.0430 5240 clr_optimization_v4.0.30319_64 - ok
    22:15:57.0451 5240 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    22:15:57.0452 5240 CmBatt - ok
    22:15:57.0479 5240 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    22:15:57.0480 5240 cmdide - ok
    22:15:57.0501 5240 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
    22:15:57.0505 5240 CNG - ok
    22:15:57.0524 5240 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    22:15:57.0525 5240 Compbatt - ok
    22:15:57.0537 5240 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    22:15:57.0538 5240 CompositeBus - ok
    22:15:57.0545 5240 COMSysApp - ok
    22:15:57.0561 5240 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    22:15:57.0562 5240 crcdisk - ok
    22:15:57.0595 5240 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:15:57.0598 5240 CryptSvc - ok
    22:15:57.0616 5240 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    22:15:57.0620 5240 CSC - ok
    22:15:57.0643 5240 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    22:15:57.0648 5240 CscService - ok
    22:15:57.0686 5240 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:15:57.0692 5240 DcomLaunch - ok
    22:15:57.0728 5240 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:15:57.0731 5240 defragsvc - ok
    22:15:57.0746 5240 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:15:57.0748 5240 DfsC - ok
    22:15:57.0760 5240 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:15:57.0763 5240 Dhcp - ok
    22:15:57.0788 5240 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:15:57.0789 5240 discache - ok
    22:15:57.0807 5240 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    22:15:57.0810 5240 Disk - ok
    22:15:57.0829 5240 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:15:57.0833 5240 Dnscache - ok
    22:15:57.0853 5240 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    22:15:57.0857 5240 dot3svc - ok
    22:15:57.0927 5240 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    22:15:57.0950 5240 Dot4 - ok
    22:15:58.0164 5240 [ 85135AD27E79B689335C08167D917CDE ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    22:15:58.0223 5240 Dot4Print - ok
    22:15:58.0259 5240 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    22:15:58.0261 5240 dot4usb - ok
    22:15:58.0290 5240 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    22:15:58.0293 5240 DPS - ok
    22:15:58.0323 5240 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:15:58.0324 5240 drmkaud - ok
    22:15:58.0386 5240 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
    22:15:58.0388 5240 DvmMDES - ok
    22:15:58.0433 5240 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:15:58.0439 5240 DXGKrnl - ok
    22:15:58.0472 5240 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
    22:15:58.0475 5240 E1G60 - ok
    22:15:58.0512 5240 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:15:58.0514 5240 EapHost - ok
    22:15:58.0595 5240 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    22:15:58.0617 5240 ebdrv - ok
    22:15:58.0635 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
    22:15:58.0638 5240 EFS - ok
    22:15:58.0684 5240 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:15:58.0689 5240 ehRecvr - ok
    22:15:58.0703 5240 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:15:58.0706 5240 ehSched - ok
    22:15:58.0742 5240 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    22:15:58.0745 5240 elxstor - ok
    22:15:58.0761 5240 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    22:15:58.0762 5240 ErrDev - ok
    22:15:58.0800 5240 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:15:58.0803 5240 EventSystem - ok
    22:15:58.0822 5240 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:15:58.0825 5240 exfat - ok
    22:15:58.0843 5240 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:15:58.0847 5240 fastfat - ok
    22:15:58.0868 5240 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    22:15:58.0874 5240 Fax - ok
    22:15:58.0902 5240 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    22:15:58.0904 5240 fdc - ok
    22:15:58.0915 5240 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:15:58.0917 5240 fdPHost - ok
    22:15:58.0926 5240 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:15:58.0928 5240 FDResPub - ok
    22:15:58.0942 5240 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:15:58.0944 5240 FileInfo - ok
    22:15:58.0956 5240 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:15:58.0957 5240 Filetrace - ok
    22:15:58.0968 5240 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    22:15:58.0969 5240 flpydisk - ok
    22:15:58.0994 5240 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:15:58.0996 5240 FltMgr - ok
    22:15:59.0033 5240 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
    22:15:59.0042 5240 FontCache - ok
    22:15:59.0077 5240 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:15:59.0079 5240 FontCache3.0.0.0 - ok
    22:15:59.0095 5240 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:15:59.0096 5240 FsDepends - ok
    22:15:59.0120 5240 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:15:59.0122 5240 Fs_Rec - ok
    22:15:59.0148 5240 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:15:59.0151 5240 fvevol - ok
    22:15:59.0172 5240 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    22:15:59.0174 5240 gagp30kx - ok
    22:15:59.0232 5240 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:15:59.0233 5240 GEARAspiWDM - ok
    22:15:59.0265 5240 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    22:15:59.0271 5240 gpsvc - ok
    22:15:59.0369 5240 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:15:59.0372 5240 gupdate - ok
    22:15:59.0395 5240 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:15:59.0396 5240 gupdatem - ok
    22:15:59.0415 5240 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:15:59.0417 5240 hcw85cir - ok
    22:15:59.0459 5240 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:15:59.0462 5240 HdAudAddService - ok
    22:15:59.0480 5240 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:15:59.0482 5240 HDAudBus - ok
    22:15:59.0494 5240 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    22:15:59.0495 5240 HidBatt - ok
    22:15:59.0507 5240 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    22:15:59.0509 5240 HidBth - ok
    22:15:59.0522 5240 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    22:15:59.0524 5240 HidIr - ok
    22:15:59.0543 5240 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    22:15:59.0551 5240 hidserv - ok
    22:15:59.0577 5240 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:15:59.0578 5240 HidUsb - ok
    22:15:59.0593 5240 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:15:59.0597 5240 hkmsvc - ok
    22:15:59.0613 5240 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:15:59.0617 5240 HomeGroupListener - ok
    22:15:59.0640 5240 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:15:59.0644 5240 HomeGroupProvider - ok
    22:15:59.0727 5240 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    22:15:59.0729 5240 hpqcxs08 - ok
    22:15:59.0752 5240 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    22:15:59.0753 5240 hpqddsvc - ok
    22:15:59.0771 5240 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    22:15:59.0773 5240 HpSAMD - ok
    22:15:59.0812 5240 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:15:59.0817 5240 HTTP - ok
    22:15:59.0832 5240 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:15:59.0833 5240 hwpolicy - ok
    22:15:59.0855 5240 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    22:15:59.0858 5240 i8042prt - ok
    22:15:59.0884 5240 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    22:15:59.0887 5240 iaStorV - ok
    22:15:59.0946 5240 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    22:15:59.0948 5240 IDriverT - ok
    22:15:59.0985 5240 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:15:59.0992 5240 idsvc - ok
    22:16:00.0024 5240 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    22:16:00.0026 5240 iirsp - ok
    22:16:00.0061 5240 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    22:16:00.0067 5240 IKEEXT - ok
    22:16:00.0089 5240 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    22:16:00.0091 5240 intelide - ok
    22:16:00.0112 5240 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    22:16:00.0114 5240 intelppm - ok
    22:16:00.0125 5240 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:16:00.0127 5240 IPBusEnum - ok
    22:16:00.0144 5240 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:16:00.0147 5240 IpFilterDriver - ok
    22:16:00.0172 5240 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    22:16:00.0177 5240 iphlpsvc - ok
    22:16:00.0194 5240 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    22:16:00.0196 5240 IPMIDRV - ok
    22:16:00.0218 5240 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:16:00.0220 5240 IPNAT - ok
    22:16:00.0261 5240 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:16:00.0267 5240 iPod Service - ok
    22:16:00.0287 5240 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:16:00.0290 5240 IRENUM - ok
    22:16:00.0303 5240 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    22:16:00.0304 5240 isapnp - ok
    22:16:00.0322 5240 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    22:16:00.0324 5240 iScsiPrt - ok
    22:16:00.0346 5240 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:16:00.0348 5240 kbdclass - ok
    22:16:00.0365 5240 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:16:00.0367 5240 kbdhid - ok
    22:16:00.0375 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
    22:16:00.0377 5240 KeyIso - ok
    22:16:00.0388 5240 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:16:00.0391 5240 KSecDD - ok
    22:16:00.0400 5240 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:16:00.0403 5240 KSecPkg - ok
    22:16:00.0421 5240 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:16:00.0423 5240 ksthunk - ok
    22:16:00.0495 5240 [ 3CA4073A107B42828732088957960643 ] ksupmgr C:\Windows\SysWOW64\ksupmgr.exe
    22:16:00.0503 5240 ksupmgr - ok
    22:16:00.0523 5240 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:16:00.0527 5240 KtmRm - ok
    22:16:00.0568 5240 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll
    22:16:00.0572 5240 LanmanServer - ok
    22:16:00.0582 5240 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:16:00.0587 5240 LanmanWorkstation - ok
    22:16:00.0621 5240 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:16:00.0623 5240 lltdio - ok
    22:16:00.0648 5240 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:16:00.0651 5240 lltdsvc - ok
    22:16:00.0666 5240 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:16:00.0668 5240 lmhosts - ok
    22:16:00.0684 5240 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    22:16:00.0686 5240 LSI_FC - ok
    22:16:00.0710 5240 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    22:16:00.0712 5240 LSI_SAS - ok
    22:16:00.0731 5240 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    22:16:00.0733 5240 LSI_SAS2 - ok
    22:16:00.0748 5240 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    22:16:00.0750 5240 LSI_SCSI - ok
    22:16:00.0763 5240 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:16:00.0765 5240 luafv - ok
    22:16:00.0810 5240 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    22:16:00.0812 5240 MBAMProtector - ok
    22:16:00.0864 5240 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    22:16:00.0867 5240 MBAMScheduler - ok
    22:16:00.0888 5240 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    22:16:00.0893 5240 MBAMService - ok
    22:16:00.0915 5240 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:16:00.0919 5240 Mcx2Svc - ok
    22:16:00.0941 5240 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    22:16:00.0943 5240 megasas - ok
    22:16:00.0967 5240 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    22:16:00.0970 5240 MegaSR - ok
    22:16:01.0041 5240 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    22:16:01.0043 5240 Microsoft Office Groove Audit Service - ok
    22:16:01.0079 5240 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:16:01.0083 5240 MMCSS - ok
    22:16:01.0100 5240 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:16:01.0102 5240 Modem - ok
    22:16:01.0134 5240 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:16:01.0136 5240 monitor - ok
    22:16:01.0150 5240 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:16:01.0152 5240 mouclass - ok
    22:16:01.0173 5240 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:16:01.0175 5240 mouhid - ok
    22:16:01.0192 5240 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:16:01.0194 5240 mountmgr - ok
    22:16:01.0263 5240 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:16:01.0265 5240 MozillaMaintenance - ok
    22:16:01.0295 5240 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    22:16:01.0298 5240 mpio - ok
    22:16:01.0309 5240 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:16:01.0312 5240 mpsdrv - ok
    22:16:01.0346 5240 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    22:16:01.0353 5240 MpsSvc - ok
    22:16:01.0367 5240 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:16:01.0370 5240 MRxDAV - ok
    22:16:01.0396 5240 [ AB5892797C4114640BA333949568DE8C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:16:01.0398 5240 mrxsmb - ok
    22:16:01.0413 5240 [ 81A38F7AEEB265634B05AE5F3F29FBC4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:16:01.0415 5240 mrxsmb10 - ok
    22:16:01.0443 5240 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:16:01.0446 5240 mrxsmb20 - ok
     
  13. 2012/11/02
    Jubis
    22:16:01.0463 5240 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    22:16:01.0465 5240 msahci - ok
    22:16:01.0484 5240 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    22:16:01.0487 5240 msdsm - ok
    22:16:01.0507 5240 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:16:01.0511 5240 MSDTC - ok
    22:16:01.0544 5240 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:16:01.0545 5240 Msfs - ok
    22:16:01.0562 5240 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:16:01.0564 5240 mshidkmdf - ok
    22:16:01.0576 5240 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    22:16:01.0577 5240 msisadrv - ok
    22:16:01.0606 5240 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:16:01.0610 5240 MSiSCSI - ok
    22:16:01.0615 5240 msiserver - ok
    22:16:01.0646 5240 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:16:01.0648 5240 MSKSSRV - ok
    22:16:01.0663 5240 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:16:01.0665 5240 MSPCLOCK - ok
    22:16:01.0681 5240 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:16:01.0683 5240 MSPQM - ok
    22:16:01.0701 5240 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:16:01.0704 5240 MsRPC - ok
    22:16:01.0724 5240 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    22:16:01.0726 5240 mssmbios - ok
    22:16:01.0731 5240 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:16:01.0733 5240 MSTEE - ok
    22:16:01.0744 5240 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    22:16:01.0745 5240 MTConfig - ok
    22:16:01.0778 5240 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    22:16:01.0780 5240 MTsensor - ok
    22:16:01.0803 5240 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:16:01.0805 5240 Mup - ok
    22:16:01.0832 5240 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    22:16:01.0837 5240 napagent - ok
    22:16:01.0866 5240 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:16:01.0869 5240 NativeWifiP - ok
    22:16:01.0913 5240 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:16:01.0920 5240 NDIS - ok
    22:16:01.0940 5240 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:16:01.0941 5240 NdisCap - ok
    22:16:01.0958 5240 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:16:01.0960 5240 NdisTapi - ok
    22:16:01.0980 5240 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:16:01.0982 5240 Ndisuio - ok
    22:16:01.0995 5240 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:16:01.0998 5240 NdisWan - ok
    22:16:02.0011 5240 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:16:02.0013 5240 NDProxy - ok
    22:16:02.0056 5240 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    22:16:02.0059 5240 Net Driver HPZ12 - ok
    22:16:02.0085 5240 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:16:02.0087 5240 NetBIOS - ok
    22:16:02.0110 5240 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:16:02.0112 5240 NetBT - ok
    22:16:02.0123 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
    22:16:02.0125 5240 Netlogon - ok
    22:16:02.0160 5240 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:16:02.0164 5240 Netman - ok
    22:16:02.0240 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:02.0243 5240 NetMsmqActivator - ok
    22:16:02.0263 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:02.0265 5240 NetPipeActivator - ok
    22:16:02.0297 5240 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:16:02.0301 5240 netprofm - ok
    22:16:02.0307 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:02.0309 5240 NetTcpActivator - ok
    22:16:02.0315 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:02.0317 5240 NetTcpPortSharing - ok
    22:16:02.0352 5240 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:16:02.0354 5240 nfrd960 - ok
    22:16:02.0389 5240 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:16:02.0393 5240 NlaSvc - ok
    22:16:02.0402 5240 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:16:02.0404 5240 Npfs - ok
    22:16:02.0414 5240 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:16:02.0417 5240 nsi - ok
    22:16:02.0425 5240 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:16:02.0426 5240 nsiproxy - ok
    22:16:02.0471 5240 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:16:02.0482 5240 Ntfs - ok
    22:16:02.0501 5240 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:16:02.0502 5240 Null - ok
    22:16:02.0783 5240 [ 6F9CBE52517660B68694ACCEE35EC4D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:16:02.0873 5240 nvlddmkm - ok
    22:16:02.0892 5240 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
    22:16:02.0894 5240 nvraid - ok
    22:16:02.0912 5240 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    22:16:02.0915 5240 nvstor - ok
    22:16:02.0962 5240 [ 97F1A24AC0255C6E0A075C9CC772784A ] nvsvc C:\Windows\system32\nvvsvc.exe
    22:16:02.0965 5240 nvsvc - ok
    22:16:02.0982 5240 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    22:16:02.0984 5240 nv_agp - ok
    22:16:03.0079 5240 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:16:03.0083 5240 odserv - ok
    22:16:03.0102 5240 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    22:16:03.0104 5240 ohci1394 - ok
    22:16:03.0145 5240 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:16:03.0146 5240 ose - ok
    22:16:03.0181 5240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:16:03.0184 5240 p2pimsvc - ok
    22:16:03.0205 5240 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:16:03.0209 5240 p2psvc - ok
    22:16:03.0232 5240 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    22:16:03.0234 5240 Parport - ok
    22:16:03.0242 5240 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:16:03.0244 5240 partmgr - ok
    22:16:03.0330 5240 [ 5EACB8A19CAD7057806FBBF9550165E1 ] PcaSp60 C:\Windows\system32\DRIVERS\PcaSp60.sys
    22:16:03.0379 5240 PcaSp60 - ok
    22:16:03.0423 5240 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:16:03.0460 5240 PcaSvc - ok
    22:16:03.0560 5240 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
    22:16:03.0563 5240 PCCUJobMgr - ok
    22:16:03.0579 5240 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    22:16:03.0590 5240 pci - ok
    22:16:03.0610 5240 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    22:16:03.0611 5240 pciide - ok
    22:16:03.0634 5240 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:16:03.0636 5240 pcmcia - ok
    22:16:03.0652 5240 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:16:03.0654 5240 pcw - ok
    22:16:03.0675 5240 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:16:03.0680 5240 PEAUTH - ok
    22:16:03.0716 5240 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    22:16:03.0733 5240 PeerDistSvc - ok
    22:16:03.0756 5240 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:16:03.0757 5240 PerfHost - ok
    22:16:03.0854 5240 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    22:16:03.0864 5240 pla - ok
    22:16:03.0887 5240 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:16:03.0892 5240 PlugPlay - ok
    22:16:03.0926 5240 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    22:16:03.0929 5240 Pml Driver HPZ12 - ok
    22:16:03.0946 5240 PnkBstrA - ok
    22:16:03.0964 5240 PnkBstrB - ok
    22:16:03.0985 5240 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:16:03.0988 5240 PNRPAutoReg - ok
    22:16:04.0005 5240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:16:04.0008 5240 PNRPsvc - ok
    22:16:04.0041 5240 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:16:04.0046 5240 PolicyAgent - ok
    22:16:04.0068 5240 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:16:04.0072 5240 Power - ok
    22:16:04.0101 5240 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:16:04.0104 5240 PptpMiniport - ok
    22:16:04.0128 5240 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    22:16:04.0130 5240 Processor - ok
    22:16:04.0160 5240 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
    22:16:04.0163 5240 ProfSvc - ok
    22:16:04.0171 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:16:04.0173 5240 ProtectedStorage - ok
    22:16:04.0200 5240 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:16:04.0202 5240 Psched - ok
    22:16:04.0239 5240 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    22:16:04.0250 5240 ql2300 - ok
    22:16:04.0275 5240 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    22:16:04.0278 5240 ql40xx - ok
    22:16:04.0304 5240 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:16:04.0309 5240 QWAVE - ok
    22:16:04.0322 5240 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:16:04.0323 5240 QWAVEdrv - ok
    22:16:04.0336 5240 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:16:04.0338 5240 RasAcd - ok
    22:16:04.0368 5240 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:16:04.0370 5240 RasAgileVpn - ok
    22:16:04.0391 5240 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:16:04.0396 5240 RasAuto - ok
    22:16:04.0407 5240 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:16:04.0410 5240 Rasl2tp - ok
    22:16:04.0424 5240 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    22:16:04.0429 5240 RasMan - ok
    22:16:04.0443 5240 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:16:04.0445 5240 RasPppoe - ok
    22:16:04.0456 5240 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:16:04.0458 5240 RasSstp - ok
    22:16:04.0484 5240 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:16:04.0487 5240 rdbss - ok
    22:16:04.0501 5240 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:16:04.0502 5240 rdpbus - ok
    22:16:04.0512 5240 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:16:04.0514 5240 RDPCDD - ok
    22:16:04.0539 5240 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    22:16:04.0540 5240 RDPDR - ok
    22:16:04.0570 5240 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:16:04.0571 5240 RDPENCDD - ok
    22:16:04.0588 5240 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:16:04.0595 5240 RDPREFMP - ok
    22:16:04.0618 5240 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:16:04.0620 5240 RDPWD - ok
    22:16:04.0641 5240 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:16:04.0644 5240 rdyboost - ok
    22:16:04.0669 5240 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:16:04.0672 5240 RemoteAccess - ok
    22:16:04.0689 5240 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:16:04.0693 5240 RemoteRegistry - ok
    22:16:04.0713 5240 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:16:04.0716 5240 RpcEptMapper - ok
    22:16:04.0726 5240 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:16:04.0728 5240 RpcLocator - ok
    22:16:04.0746 5240 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    22:16:04.0751 5240 RpcSs - ok
    22:16:04.0780 5240 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:16:04.0782 5240 rspndr - ok
    22:16:04.0817 5240 [ 9ADD6D3E331BA57F0DB4D67C92CB6E5D ] rt61x64 C:\Windows\system32\DRIVERS\netr6164.sys
    22:16:04.0821 5240 rt61x64 - ok
    22:16:04.0849 5240 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:16:04.0851 5240 RTL8167 - ok
    22:16:04.0874 5240 [ 5532C4BF15173270757A75B46BAEB960 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
    22:16:04.0876 5240 RtNdPt60 - ok
    22:16:04.0889 5240 [ BC85BDC1C30066C78B8C67AF1241D0B7 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
    22:16:04.0891 5240 RTTEAMPT - ok
    22:16:04.0904 5240 [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
    22:16:04.0905 5240 RTVLANPT - ok
    22:16:04.0928 5240 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
    22:16:04.0929 5240 s3cap - ok
    22:16:04.0945 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
    22:16:04.0947 5240 SamSs - ok
    22:16:04.0965 5240 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    22:16:04.0968 5240 sbp2port - ok
    22:16:04.0994 5240 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:16:04.0999 5240 SCardSvr - ok
    22:16:05.0014 5240 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:16:05.0015 5240 scfilter - ok
    22:16:05.0040 5240 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
    22:16:05.0049 5240 Schedule - ok
    22:16:05.0070 5240 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:16:05.0072 5240 SCPolicySvc - ok
    22:16:05.0085 5240 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:16:05.0089 5240 SDRSVC - ok
    22:16:05.0115 5240 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:16:05.0116 5240 secdrv - ok
    22:16:05.0129 5240 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    22:16:05.0132 5240 seclogon - ok
    22:16:05.0148 5240 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:16:05.0151 5240 SENS - ok
    22:16:05.0166 5240 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:16:05.0169 5240 SensrSvc - ok
    22:16:05.0189 5240 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:16:05.0190 5240 Serenum - ok
    22:16:05.0202 5240 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:16:05.0205 5240 Serial - ok
    22:16:05.0219 5240 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:16:05.0221 5240 sermouse - ok
    22:16:05.0257 5240 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    22:16:05.0261 5240 SessionEnv - ok
    22:16:05.0271 5240 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    22:16:05.0272 5240 sffdisk - ok
    22:16:05.0284 5240 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    22:16:05.0286 5240 sffp_mmc - ok
    22:16:05.0291 5240 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    22:16:05.0293 5240 sffp_sd - ok
    22:16:05.0310 5240 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:16:05.0311 5240 sfloppy - ok
    22:16:05.0331 5240 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:16:05.0335 5240 SharedAccess - ok
    22:16:05.0349 5240 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:16:05.0353 5240 ShellHWDetection - ok
    22:16:05.0378 5240 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:16:05.0380 5240 SiSRaid2 - ok
    22:16:05.0402 5240 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:16:05.0404 5240 SiSRaid4 - ok
    22:16:05.0444 5240 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:16:05.0445 5240 SkypeUpdate - ok
    22:16:05.0475 5240 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:16:05.0477 5240 Smb - ok
    22:16:05.0511 5240 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:16:05.0514 5240 SNMPTRAP - ok
    22:16:05.0539 5240 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:16:05.0541 5240 spldr - ok
    22:16:05.0565 5240 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
    22:16:05.0571 5240 Spooler - ok
    22:16:05.0650 5240 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    22:16:05.0675 5240 sppsvc - ok
    22:16:05.0688 5240 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:16:05.0692 5240 sppuinotify - ok
    22:16:05.0732 5240 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
    22:16:05.0732 5240 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
    22:16:05.0733 5240 sptd ( LockedFile.Multi.Generic ) - warning
    22:16:05.0733 5240 sptd - detected LockedFile.Multi.Generic (1)
    22:16:05.0768 5240 [ 37C3ABC2338010E110D2A6A3930F3149 ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:16:05.0772 5240 srv - ok
    22:16:05.0796 5240 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:16:05.0799 5240 srv2 - ok
    22:16:05.0813 5240 [ CCE32BB223E9FF55D241099A858FA889 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:16:05.0815 5240 srvnet - ok
    22:16:05.0844 5240 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:16:05.0848 5240 SSDPSRV - ok
    22:16:05.0863 5240 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:16:05.0867 5240 SstpSvc - ok
    22:16:05.0945 5240 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    22:16:05.0948 5240 StarWindServiceAE - ok
    22:16:05.0967 5240 Steam Client Service - ok
    22:16:05.0994 5240 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:16:05.0996 5240 stexstor - ok
    22:16:06.0031 5240 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    22:16:06.0037 5240 stisvc - ok
    22:16:06.0060 5240 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
    22:16:06.0062 5240 storflt - ok
    22:16:06.0080 5240 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
    22:16:06.0081 5240 storvsc - ok
    22:16:06.0094 5240 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    22:16:06.0095 5240 swenum - ok
    22:16:06.0122 5240 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:16:06.0127 5240 swprv - ok
    22:16:06.0163 5240 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    22:16:06.0176 5240 SysMain - ok
    22:16:06.0203 5240 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:16:06.0207 5240 TabletInputService - ok
    22:16:06.0227 5240 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:16:06.0231 5240 TapiSrv - ok
    22:16:06.0241 5240 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:16:06.0245 5240 TBS - ok
    22:16:06.0279 5240 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:16:06.0292 5240 Tcpip - ok
    22:16:06.0338 5240 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:16:06.0350 5240 TCPIP6 - ok
    22:16:06.0372 5240 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:16:06.0374 5240 tcpipreg - ok
    22:16:06.0391 5240 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:16:06.0393 5240 TDPIPE - ok
    22:16:06.0408 5240 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:16:06.0410 5240 TDTCP - ok
    22:16:06.0437 5240 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:16:06.0440 5240 tdx - ok
    22:16:06.0462 5240 [ BC85BDC1C30066C78B8C67AF1241D0B7 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
    22:16:06.0463 5240 TEAM - ok
    22:16:06.0663 5240 [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    22:16:06.0683 5240 TeamViewer7 - ok
    22:16:06.0719 5240 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    22:16:06.0721 5240 TermDD - ok
    22:16:06.0749 5240 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    22:16:06.0756 5240 TermService - ok
    22:16:06.0767 5240 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:16:06.0770 5240 Themes - ok
    22:16:06.0781 5240 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:16:06.0784 5240 THREADORDER - ok
    22:16:06.0804 5240 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:16:06.0808 5240 TrkWks - ok
    22:16:06.0857 5240 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:16:06.0860 5240 TrustedInstaller - ok
    22:16:06.0871 5240 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:16:06.0873 5240 tssecsrv - ok
    22:16:06.0906 5240 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:16:06.0909 5240 tunnel - ok
    22:16:06.0921 5240 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:16:06.0923 5240 uagp35 - ok
    22:16:06.0940 5240 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:16:06.0942 5240 udfs - ok
    22:16:06.0976 5240 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:16:06.0980 5240 UI0Detect - ok
    22:16:06.0994 5240 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    22:16:06.0996 5240 uliagpkx - ok
    22:16:07.0026 5240 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    22:16:07.0027 5240 umbus - ok
    22:16:07.0045 5240 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:16:07.0046 5240 UmPass - ok
    22:16:07.0059 5240 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
    22:16:07.0064 5240 UmRdpService - ok
    22:16:07.0084 5240 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:16:07.0088 5240 upnphost - ok
    22:16:07.0125 5240 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:16:07.0127 5240 USBAAPL64 - ok
    22:16:07.0159 5240 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    22:16:07.0162 5240 usbaudio - ok
    22:16:07.0184 5240 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:16:07.0187 5240 usbccgp - ok
    22:16:07.0208 5240 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    22:16:07.0210 5240 usbcir - ok
    22:16:07.0230 5240 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    22:16:07.0232 5240 usbehci - ok
    22:16:07.0253 5240 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:16:07.0256 5240 usbhub - ok
    22:16:07.0277 5240 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    22:16:07.0279 5240 usbohci - ok
    22:16:07.0303 5240 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:16:07.0305 5240 usbprint - ok
    22:16:07.0330 5240 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:16:07.0332 5240 usbscan - ok
    22:16:07.0347 5240 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:16:07.0350 5240 USBSTOR - ok
    22:16:07.0370 5240 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    22:16:07.0371 5240 usbuhci - ok
    22:16:07.0400 5240 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    22:16:07.0403 5240 usbvideo - ok
    22:16:07.0429 5240 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:16:07.0433 5240 UxSms - ok
    22:16:07.0442 5240 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    22:16:07.0444 5240 VaultSvc - ok
    22:16:07.0463 5240 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    22:16:07.0465 5240 vdrvroot - ok
    22:16:07.0485 5240 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    22:16:07.0491 5240 vds - ok
    22:16:07.0506 5240 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:16:07.0507 5240 vga - ok
    22:16:07.0525 5240 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:16:07.0526 5240 VgaSave - ok
    22:16:07.0548 5240 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    22:16:07.0551 5240 vhdmp - ok
    22:16:07.0603 5240 [ 574B29F436C4C63D37020C6E570A7528 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
    22:16:07.0612 5240 VIAHdAudAddService - ok
    22:16:07.0624 5240 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    22:16:07.0634 5240 viaide - ok
    22:16:07.0641 5240 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
    22:16:07.0645 5240 vmbus - ok
    22:16:07.0658 5240 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
    22:16:07.0660 5240 VMBusHID - ok
    22:16:07.0671 5240 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    22:16:07.0673 5240 volmgr - ok
    22:16:07.0689 5240 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:16:07.0692 5240 volmgrx - ok
    22:16:07.0712 5240 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    22:16:07.0714 5240 volsnap - ok
    22:16:07.0737 5240 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    22:16:07.0739 5240 vsmraid - ok
    22:16:07.0785 5240 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    22:16:07.0801 5240 VSS - ok
    22:16:07.0813 5240 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    22:16:07.0815 5240 vwifibus - ok
    22:16:07.0847 5240 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:16:07.0851 5240 W32Time - ok
    22:16:07.0874 5240 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    22:16:07.0876 5240 WacomPen - ok
    22:16:07.0898 5240 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:16:07.0900 5240 WANARP - ok
    22:16:07.0906 5240 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:16:07.0907 5240 Wanarpv6 - ok
    22:16:07.0951 5240 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    22:16:07.0963 5240 wbengine - ok
    22:16:07.0994 5240 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:16:07.0999 5240 WbioSrvc - ok
    22:16:08.0018 5240 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:16:08.0023 5240 wcncsvc - ok
    22:16:08.0036 5240 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:16:08.0040 5240 WcsPlugInService - ok
    22:16:08.0058 5240 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    22:16:08.0060 5240 Wd - ok
    22:16:08.0085 5240 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:16:08.0090 5240 Wdf01000 - ok
    22:16:08.0104 5240 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:16:08.0108 5240 WdiServiceHost - ok
    22:16:08.0114 5240 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:16:08.0118 5240 WdiSystemHost - ok
    22:16:08.0158 5240 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
    22:16:08.0162 5240 WebClient - ok
    22:16:08.0177 5240 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:16:08.0182 5240 Wecsvc - ok
    22:16:08.0199 5240 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:16:08.0202 5240 wercplsupport - ok
    22:16:08.0225 5240 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:16:08.0229 5240 WerSvc - ok
    22:16:08.0249 5240 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:16:08.0251 5240 WfpLwf - ok
    22:16:08.0274 5240 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:16:08.0275 5240 WIMMount - ok
    22:16:08.0290 5240 WinDefend - ok
    22:16:08.0300 5240 WinHttpAutoProxySvc - ok
    22:16:08.0344 5240 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:16:08.0346 5240 Winmgmt - ok
    22:16:08.0392 5240 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    22:16:08.0407 5240 WinRM - ok
    22:16:08.0453 5240 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    22:16:08.0454 5240 WinUsb - ok
    22:16:08.0483 5240 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:16:08.0491 5240 Wlansvc - ok
    22:16:08.0541 5240 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    22:16:08.0543 5240 WmiAcpi - ok
    22:16:08.0565 5240 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:16:08.0567 5240 wmiApSrv - ok
    22:16:08.0595 5240 WMPNetworkSvc - ok
    22:16:08.0615 5240 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:16:08.0618 5240 WPCSvc - ok
    22:16:08.0630 5240 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:16:08.0642 5240 WPDBusEnum - ok
    22:16:08.0669 5240 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:16:08.0670 5240 ws2ifsl - ok
    22:16:08.0688 5240 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    22:16:08.0692 5240 wscsvc - ok
    22:16:08.0698 5240 WSearch - ok
    22:16:08.0757 5240 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
    22:16:08.0775 5240 wuauserv - ok
    22:16:08.0793 5240 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:16:08.0796 5240 WudfPf - ok
    22:16:08.0825 5240 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:16:08.0828 5240 WUDFRd - ok
    22:16:08.0847 5240 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:16:08.0851 5240 wudfsvc - ok
    22:16:08.0865 5240 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:16:08.0871 5240 WwanSvc - ok
    22:16:08.0887 5240 ================ Scan global ===============================
    22:16:08.0908 5240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:16:08.0921 5240 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
    22:16:08.0931 5240 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
    22:16:08.0948 5240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:16:08.0976 5240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:16:08.0980 5240 [Global] - ok
    22:16:08.0981 5240 ================ Scan MBR ==================================
    22:16:08.0990 5240 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:16:08.0991 5240 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    22:16:09.0039 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    22:16:09.0039 5240 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    22:16:09.0040 5240 ================ Scan VBR ==================================
    22:16:09.0047 5240 [ 748834EE6C8B42B875466E06FBC5995B ] \Device\Harddisk0\DR0\Partition1
    22:16:09.0049 5240 \Device\Harddisk0\DR0\Partition1 - ok
    22:16:09.0057 5240 [ F383D443EFC6CD87573A2179E39FF56F ] \Device\Harddisk0\DR0\Partition2
    22:16:09.0059 5240 \Device\Harddisk0\DR0\Partition2 - ok
    22:16:09.0059 5240 ============================================================
    22:16:09.0059 5240 Scan finished
    22:16:09.0059 5240 ============================================================
    22:16:09.0073 3620 Detected object count: 2
    22:16:09.0073 3620 Actual detected object count: 2
    22:16:18.0986 3620 sptd ( LockedFile.Multi.Generic ) - skipped by user
    22:16:18.0986 3620 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    22:16:19.0366 3620 \Device\Harddisk0\DR0\# - copied to quarantine
    22:16:19.0369 3620 \Device\Harddisk0\DR0 - copied to quarantine
    22:16:19.0433 3620 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    22:16:19.0460 3620 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    22:16:19.0485 3620 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:16:22.0546 3620 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:16:22.0622 3620 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    22:16:22.0624 3620 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    22:16:22.0626 3620 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    22:16:22.0629 3620 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:16:22.0659 3620 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:16:22.0694 3620 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    22:16:22.0697 3620 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    22:16:22.0699 3620 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    22:16:22.0778 3620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    22:16:22.0780 3620 \Device\Harddisk0\DR0 - ok
    22:16:28.0348 3620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    22:17:13.0883 2688 Deinitialize success
     
  14. 2012/11/02
    broni Moderator Malware Analyst
    Good :)

    Re-run MBAM one more time and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  15. 2012/11/02
    Jubis Inactive Thread Starter
    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.02.11

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Nick :: PRODIGGITY-PC [administrator]

    Protection: Enabled

    11/2/2012 11:02:56 PM
    mbam-log-2012-11-02 (23-02-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 255009
    Time elapsed: 4 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  16. 2012/11/02
    Jubis Inactive Thread Starter
    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Nick [Admin rights]
    Mode : Remove -- Date : 11/02/2012 23:09:18

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 serial.alcohol-soft.com
    127.0.0.1 www.alcohol-soft.com
    127.0.0.1 images.alcohol-soft.com
    127.0.0.1 trial.alcohol-soft.com
    127.0.0.1 alcohol-soft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3250318AS ATA Device +++++
    --- User ---
    [MBR] aa45e2cd3f379cf5a71c0513ca356f3f
    [BSP] a9c57c13c416c43baba27ae2fe1f23c9 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  17. 2012/11/02
    broni Moderator Malware Analyst
    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. 2012/11/02
    Jubis Inactive Thread Starter
    ComboFix 12-11-02.02 - Nick 11/02/2012 23:20:22.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2385 [GMT -4:00]
    Running from: c:\users\Nick\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-03 03:28 . 2012-11-03 03:28 -------- d-----w- c:\users\Michele\AppData\Local\temp
    2012-11-03 03:28 . 2012-11-03 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-03 03:28 . 2012-11-03 03:28 -------- d-----w- c:\users\Jackson\AppData\Local\temp
    2012-11-03 02:23 . 2012-11-03 02:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB19792F-9D22-41BA-9808-E19A0ACA5095}\offreg.dll
    2012-11-03 02:16 . 2012-11-03 02:16 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-03 01:16 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-03 01:16 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-03 01:16 . 2012-10-15 15:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-03 01:16 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-03 01:16 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-03 01:16 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-03 01:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-03 01:15 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-03 01:15 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-11-03 01:15 . 2012-11-03 01:15 -------- d-----w- c:\programdata\AVAST Software
    2012-11-03 01:15 . 2012-11-03 01:15 -------- d-----w- c:\program files\AVAST Software
    2012-11-02 20:35 . 2012-11-02 20:35 -------- d-----w- c:\users\Michele\AppData\Roaming\Malwarebytes
    2012-10-30 23:23 . 2012-10-30 23:24 -------- d-----w- c:\users\Michele\AppData\Roaming\.minecraft
    2012-10-28 23:59 . 2012-10-28 23:59 -------- d-----w- c:\users\Jackson\AppData\Local\Activision
    2012-10-25 22:24 . 2009-07-13 23:15 2596800 ----a-w- c:\windows\SysWow64\ccsync.exe
    2012-10-24 21:57 . 2012-10-24 21:57 -------- d-----w- c:\windows\tray
    2012-10-24 21:57 . 2012-10-24 21:57 -------- d-----w- c:\windows\SysWow64\cc32
    2012-10-24 21:57 . 2009-07-13 23:15 62088 ----a-w- c:\windows\SysWow64\ccinj64.sys
    2012-10-24 21:57 . 2009-07-13 23:15 44968 ----a-w- c:\windows\SysWow64\ccinj32.sys
    2012-10-24 21:57 . 2009-07-13 23:15 387320 ----a-w- c:\windows\SysWow64\dllcin64.exe
    2012-10-24 21:57 . 2009-07-13 23:15 299288 ----a-w- c:\windows\SysWow64\dllcin32.exe
    2012-10-24 21:57 . 2012-10-24 21:58 -------- d-----w- c:\windows\SysWow64\scurl
    2012-10-24 21:57 . 2012-10-24 21:57 -------- d-----w- c:\windows\SysWow64\wdrv
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-29 23:54 . 2011-12-07 23:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\steam\steam.exe" [2012-08-06 1353080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
    "CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 6125256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
    "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2009-08-21 1427968]
    "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
    "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-08-21 887936]
    "Habu"="c:\program files (x86)\Razer\Habu\razerhid.exe" [2007-05-11 176128]
    "UVCSti"="c:\program files (x86)\UVC Video Camera\UVCSti.exe" [2008-05-20 245760]
    "RunUVC"="c:\program files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [2008-05-20 7520256]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5920968]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 6125256]
    .
    c:\users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]
    Jacquie Lawson Village Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe [N/A]
    .
    c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableClock"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 38912]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-07 503352]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [2008-05-21 280064]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 rt61x64;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr6164.sys [2007-07-27 476160]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 97969342
    *NewlyCreated* - ASWSNX
    *Deregistered* - 97969342
    *Deregistered* - Chico
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 13:13]
    .
    2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 13:13]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.ask.com?o=15153&l=dis
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - ExtSQL: 2012-11-02 21:15; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: !HIDDEN! 2010-05-02 17:17; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-97969342.sys
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-AIM_6.0 - c:\program files (x86)\AIM6\uninst.exe
    AddRemove-AIM_7 - c:\program files (x86)\AIM\uninst.exe
    AddRemove-Child Control_is1 - c:\program files (x86)\Salfeld\Chico\unins001.exe
    AddRemove-Finale 2011 - c:\program files (x86)\Finale 2011\uninstallFinale.exe
    AddRemove-MegaSceneryX Las Vegas_is1 - c:\megasceneryx\LasVegas\unins000.exe
    AddRemove-NetDevil_LEGO_Universe_is1 - c:\program files (x86)\LEGO Software\LEGO Universe\uninstall.exe
    AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.17.20\InstStub.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1 - c:\program files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-02 23:32:23
    ComboFix-quarantined-files.txt 2012-11-03 03:32
    .
    Pre-Run: 150,457,331,712 bytes free
    Post-Run: 159,343,403,008 bytes free
    .
    - - End Of File - - B4F7F33D35CE532285CF1FADEC785BC3
     
  19. 2012/11/02
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    I'm going to head to bed, as I have work in the morning. Thank you for all your help thus far! I will try to get any scans done that I can before I leave in the morning.
     
  20. 2012/11/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ComboFix log looks good.

    Any current issues?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2012/11/03
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    Good Morning! So far, no current issues that I'm noticing. Running scan now. Thank you again.
     
