Windows 7 Crazy Activity

Ferdinkle · Jan 23, 2012

Everything was working fine until a couple days ago my computer kept popping up errors like "winrcsmd has stopped working". It kind of snow balled from there and now when I shutdown my computer it has to restore itself to an earlier time, and other times I get blue screens saying "dumping physical memory" during the boot up process, while other times my computer fails to boot up at all and shuts itself back down. Another thing that happened was that about 75% of my desktop shortcuts just disappeared at the same time. Other times while I'm using the computer I get these little popups on my desktop in the form of command prompt windows that appear for a split second and then go away. I have Norton and Anti-Malware scanners, but when they scan they pick up a file named svchost.exe and "fix" the file and this seems to cause an almost definite system restore on a reboot. I appreciate any and all help given to me with this matter. Below are the results from my DDS scan and I have attached the other files. I also do not have access to a windows install disc or boot disc.
=====================================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Owner at 17:35:57 on 2012-01-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6071.4176 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v1j5k4901r25n
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v1j5k4901r25n
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v1j5k4901r25n
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QimMTimICgL.exe] C:\ProgramData\QimMTimICgL.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{082BE348-52AC-445A-B695-26B527688921} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80F30CD1-D611-42CA-A227-E08F6C6ED461} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RewardsArcade: {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll
BHO-X64: RewardsArcade - No File
BHO-X64: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll
BHO-X64: XfireXO - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO-X64: Comcast Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB-X64: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QimMTimICgL.exe] C:\ProgramData\QimMTimICgL.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mtokxmke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - Welcome to Facebook - Log In, Sign Up or Learn More
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111224&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120118.003\IDSviA64.sys [2012-1-19 488568]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-28 2314240]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-21 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-27 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-27 135664]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCWinSoft;ScreenCamera HR;C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys --> C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2012-01-22 23:26:12 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 23:26:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-22 07:26:07 -------- d-----w- C:\Users\Owner\AppData\Local\{332B5619-794A-4419-B417-33FFCB502BE7}
2012-01-22 07:25:55 -------- d-----w- C:\Users\Owner\AppData\Local\{B992586C-F4BB-49B0-89E9-AD4A801B7CCB}
2012-01-17 19:42:25 -------- d-----w- C:\Users\Owner\riotsGamesLogs
2012-01-17 19:42:09 -------- d-----w- C:\Users\Owner\AppData\Roaming\LolClient
2012-01-17 19:31:27 -------- d-----w- C:\Users\Owner\AppData\Local\{70FC3614-D960-46AD-BE09-CB456581464D}
2012-01-17 19:31:11 -------- d-----w- C:\Users\Owner\AppData\Local\{804B46C8-A8B2-4653-A34C-9064468EDF32}
2012-01-17 19:18:07 -------- d-----w- C:\Riot Games
2012-01-17 19:03:03 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-01-17 19:03:03 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-01-17 19:03:01 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-01-14 23:03:09 20480 ----a-w- C:\Windows\svchost.exe
2012-01-14 20:50:55 -------- d-----w- C:\Users\Owner\AppData\Local\{7D06BC77-73DD-4540-92D2-120EF2FD50DF}
2012-01-12 02:12:23 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 02:12:23 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 02:12:22 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 02:12:20 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 02:12:14 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 02:12:14 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 02:12:05 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 02:12:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 02:03:20 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-01-12 02:03:15 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-01-12 02:03:03 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-12 02:00:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-12 01:59:11 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-12 01:57:51 3141632 ----a-w- C:\Windows\System32\win32k.sys
2012-01-12 01:53:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-10 17:00:01 -------- d-----w- C:\Users\Owner\AppData\Local\Symantec
2012-01-07 17:44:41 -------- d-----w- C:\Users\Owner\AppData\Local\Ubisoft Game Launcher
2012-01-07 17:43:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ubisoft
2012-01-07 17:42:02 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll
2012-01-07 17:42:02 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-01-07 17:42:02 238936 ----a-w- C:\Windows\SysWow64\xactengine3_5.dll
2012-01-07 17:42:02 176968 ----a-w- C:\Windows\System32\xactengine3_5.dll
2012-01-07 17:42:00 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2012-01-07 17:42:00 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-01-05 21:58:50 -------- d--h--w- C:\Program Files\iPod
2012-01-05 21:58:49 -------- d--h--w- C:\Program Files\iTunes
2012-01-05 21:58:49 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-05 21:56:59 -------- d--h--w- C:\Program Files\Bonjour
2012-01-05 21:56:59 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-30 22:48:49 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-30 22:48:49 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 22:48:49 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-30 22:48:49 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-29 17:16:33 -------- d-----w- C:\Users\Owner\AppData\Local\Conduit
2011-12-29 17:07:54 -------- d-----w- C:\Users\Owner\AppData\Local\PackageAware
2011-12-28 19:44:26 -------- d-----w- C:\Users\Owner\AppData\Local\{E85FF8AE-6811-4FF3-8524-CD8752670A1B}
2011-12-24 22:14:52 -------- d-----w- C:\Users\Owner\AppData\Local\RewardsArcade
2011-12-24 22:14:52 -------- d-----w- C:\Program Files (x86)\RewardsArcade
2011-12-24 22:14:37 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
.
==================== Find3M ====================
.
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:38:35.04 ===============

Ferdinkle · Jan 24, 2012

Can anyone help me on this issue?

Ferdinkle · Jan 28, 2012

To the top.

Ried · Jan 28, 2012

Hello Ferdinkle,

In addition to roque on this machine, it sounds like you also have Pihar bootkit. Before we begin any fixes, I'd like to gather more info. Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Ferdinkle · Jan 28, 2012

I ran the scan and it did detect a bootkit, I selected skip and attached is the log.

Ried · Jan 29, 2012

Thanks.

It's important that you carry out the steps in the order listed below.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

Don't run it just yet.

===================================

Run TDSSKiller again, and this time let it Cure the bootkit.

Reboot when instructed to, then upon reboot ---

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt and the log from TDSSKiller in your next reply for further review.

Ferdinkle · Jan 29, 2012

Okay, I ran both programs and during the ComboFix my Norton popped up because it detected something called "Backdoor.cycbot". I thought I had turned Norton off because I followed the procedures in your sticky topic link, but obviously I hadn't. Attached are the log from both scans and as far as the Backdoor.Cycbot that Norton picked up, Norton claims to have removed it.

12:44:09.0064 4308 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
12:44:09.0185 4308 ============================================================
12:44:09.0185 4308 Current date / time: 2012/01/29 12:44:09.0185
12:44:09.0185 4308 SystemInfo:
12:44:09.0185 4308
12:44:09.0185 4308 OS Version: 6.1.7600 ServicePack: 0.0
12:44:09.0185 4308 Product type: Workstation
12:44:09.0185 4308 ComputerName: OWNER-PC
12:44:09.0185 4308 UserName: Owner
12:44:09.0185 4308 Windows directory: C:\Windows
12:44:09.0185 4308 System windows directory: C:\Windows
12:44:09.0185 4308 Running under WOW64
12:44:09.0185 4308 Processor architecture: Intel x64
12:44:09.0185 4308 Number of processors: 4
12:44:09.0185 4308 Page size: 0x1000
12:44:09.0185 4308 Boot type: Normal boot
12:44:09.0185 4308 ============================================================
12:44:09.0631 4308 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:10.0287 4308 Initialize success
12:44:11.0398 7936 ============================================================
12:44:11.0399 7936 Scan started
12:44:11.0399 7936 Mode: Manual;
12:44:11.0399 7936 ============================================================
12:44:12.0852 7936 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:44:12.0854 7936 1394ohci - ok
12:44:12.0971 7936 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:44:12.0974 7936 ACPI - ok
12:44:13.0043 7936 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:44:13.0044 7936 AcpiPmi - ok
12:44:13.0135 7936 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:44:13.0139 7936 adp94xx - ok
12:44:13.0224 7936 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:44:13.0226 7936 adpahci - ok
12:44:13.0313 7936 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:44:13.0315 7936 adpu320 - ok
12:44:13.0403 7936 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:44:13.0408 7936 AFD - ok
12:44:13.0697 7936 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:44:13.0698 7936 agp440 - ok
12:44:13.0818 7936 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:44:13.0818 7936 aliide - ok
12:44:13.0832 7936 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:44:13.0832 7936 amdide - ok
12:44:13.0856 7936 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:44:13.0857 7936 AmdK8 - ok
12:44:14.0065 7936 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
12:44:14.0102 7936 amdkmdag - ok
12:44:14.0128 7936 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
12:44:14.0129 7936 amdkmdap - ok
12:44:14.0157 7936 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:44:14.0157 7936 AmdPPM - ok
12:44:14.0193 7936 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:44:14.0194 7936 amdsata - ok
12:44:14.0240 7936 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:44:14.0241 7936 amdsbs - ok
12:44:14.0256 7936 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:44:14.0257 7936 amdxata - ok
12:44:14.0293 7936 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:44:14.0294 7936 AppID - ok
12:44:14.0331 7936 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:44:14.0332 7936 arc - ok
12:44:14.0349 7936 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:44:14.0349 7936 arcsas - ok
12:44:14.0404 7936 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:44:14.0404 7936 AsyncMac - ok
12:44:14.0420 7936 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:44:14.0421 7936 atapi - ok
12:44:14.0522 7936 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:44:14.0526 7936 b06bdrv - ok
12:44:14.0563 7936 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:44:14.0565 7936 b57nd60a - ok
12:44:14.0607 7936 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:44:14.0607 7936 Beep - ok
12:44:14.0707 7936 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
12:44:14.0709 7936 BHDrvx64 - ok
12:44:14.0738 7936 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:44:14.0739 7936 blbdrive - ok
12:44:14.0784 7936 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:44:14.0784 7936 bowser - ok
12:44:14.0808 7936 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:44:14.0808 7936 BrFiltLo - ok
12:44:14.0822 7936 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:44:14.0822 7936 BrFiltUp - ok
12:44:14.0849 7936 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:44:14.0850 7936 Brserid - ok
12:44:14.0867 7936 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:44:14.0868 7936 BrSerWdm - ok
12:44:14.0884 7936 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:44:14.0885 7936 BrUsbMdm - ok
12:44:14.0897 7936 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:44:14.0897 7936 BrUsbSer - ok
12:44:14.0932 7936 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:44:14.0932 7936 BTHMODEM - ok
12:44:15.0036 7936 ccHP (a2e6ab452b9393ca8d11d28827e0e1a1) C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
12:44:15.0039 7936 ccHP - ok
12:44:15.0058 7936 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:44:15.0059 7936 cdfs - ok
12:44:15.0084 7936 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:44:15.0085 7936 cdrom - ok
12:44:15.0114 7936 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:44:15.0114 7936 circlass - ok
12:44:15.0144 7936 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:44:15.0146 7936 CLFS - ok
12:44:15.0198 7936 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:44:15.0198 7936 CmBatt - ok
12:44:15.0218 7936 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:44:15.0218 7936 cmdide - ok
12:44:15.0245 7936 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:44:15.0247 7936 CNG - ok
12:44:15.0254 7936 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:44:15.0254 7936 Compbatt - ok
12:44:15.0278 7936 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:44:15.0278 7936 CompositeBus - ok
12:44:15.0297 7936 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:44:15.0298 7936 crcdisk - ok
12:44:15.0350 7936 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:44:15.0351 7936 DfsC - ok
12:44:15.0360 7936 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:44:15.0360 7936 discache - ok
12:44:15.0376 7936 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:44:15.0377 7936 Disk - ok
12:44:15.0404 7936 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:44:15.0404 7936 drmkaud - ok
12:44:15.0418 7936 dump_wmimmc - ok
12:44:15.0470 7936 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:44:15.0475 7936 DXGKrnl - ok
12:44:15.0516 7936 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
12:44:15.0517 7936 e1kexpress - ok
12:44:15.0538 7936 EagleX64 - ok
12:44:15.0634 7936 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:44:15.0655 7936 ebdrv - ok
12:44:15.0761 7936 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:44:15.0766 7936 eeCtrl - ok
12:44:15.0872 7936 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:44:15.0875 7936 elxstor - ok
12:44:16.0008 7936 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:44:16.0010 7936 EraserUtilRebootDrv - ok
12:44:16.0037 7936 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:44:16.0038 7936 ErrDev - ok
12:44:16.0065 7936 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:44:16.0068 7936 exfat - ok
12:44:16.0086 7936 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:44:16.0088 7936 fastfat - ok
12:44:16.0107 7936 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:44:16.0108 7936 fdc - ok
12:44:16.0141 7936 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:44:16.0142 7936 FileInfo - ok
12:44:16.0161 7936 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:44:16.0162 7936 Filetrace - ok
12:44:16.0181 7936 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:44:16.0181 7936 flpydisk - ok
12:44:16.0207 7936 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:44:16.0210 7936 FltMgr - ok
12:44:16.0238 7936 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:44:16.0239 7936 FsDepends - ok
12:44:16.0254 7936 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:44:16.0255 7936 Fs_Rec - ok
12:44:16.0313 7936 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:44:16.0315 7936 fvevol - ok
12:44:16.0339 7936 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:44:16.0340 7936 gagp30kx - ok
12:44:16.0386 7936 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:44:16.0387 7936 GEARAspiWDM - ok
12:44:16.0456 7936 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:44:16.0457 7936 hcw85cir - ok
12:44:16.0481 7936 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:44:16.0485 7936 HdAudAddService - ok
12:44:16.0508 7936 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:44:16.0509 7936 HDAudBus - ok
12:44:16.0543 7936 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:44:16.0544 7936 HECIx64 - ok
12:44:16.0555 7936 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:44:16.0556 7936 HidBatt - ok
12:44:16.0570 7936 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:44:16.0572 7936 HidBth - ok
12:44:16.0589 7936 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:44:16.0589 7936 HidIr - ok
12:44:16.0631 7936 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:44:16.0632 7936 HidUsb - ok
12:44:16.0653 7936 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:44:16.0654 7936 HpSAMD - ok
12:44:16.0680 7936 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:44:16.0687 7936 HTTP - ok
12:44:16.0714 7936 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:44:16.0714 7936 hwpolicy - ok
12:44:16.0744 7936 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:44:16.0746 7936 i8042prt - ok
12:44:16.0797 7936 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
12:44:16.0799 7936 iaStor - ok
12:44:16.0849 7936 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:44:16.0852 7936 iaStorV - ok
12:44:16.0981 7936 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120118.003\IDSvia64.sys
12:44:16.0985 7936 IDSVia64 - ok
12:44:17.0473 7936 igfx (404548917acaaa314165c2882b045c94) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:44:17.0632 7936 igfx - ok
12:44:17.0716 7936 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:44:17.0718 7936 iirsp - ok
12:44:17.0829 7936 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
12:44:17.0845 7936 IntcAzAudAddService - ok
12:44:17.0887 7936 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:44:17.0889 7936 IntcDAud - ok
12:44:17.0902 7936 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:44:17.0903 7936 intelide - ok
12:44:17.0914 7936 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:44:17.0915 7936 intelppm - ok
12:44:17.0938 7936 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:44:17.0939 7936 IpFilterDriver - ok
12:44:17.0961 7936 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:44:17.0962 7936 IPMIDRV - ok
12:44:17.0995 7936 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:44:17.0996 7936 IPNAT - ok
12:44:18.0064 7936 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:44:18.0065 7936 IRENUM - ok
12:44:18.0077 7936 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:44:18.0078 7936 isapnp - ok
12:44:18.0100 7936 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:44:18.0103 7936 iScsiPrt - ok
12:44:18.0138 7936 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys
12:44:18.0139 7936 JRAID - ok
12:44:18.0158 7936 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:44:18.0159 7936 kbdclass - ok
12:44:18.0173 7936 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:44:18.0174 7936 kbdhid - ok
12:44:18.0193 7936 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:44:18.0194 7936 KSecDD - ok
12:44:18.0231 7936 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:44:18.0233 7936 KSecPkg - ok
12:44:18.0250 7936 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:44:18.0251 7936 ksthunk - ok
12:44:18.0285 7936 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:44:18.0286 7936 lltdio - ok
12:44:18.0340 7936 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:44:18.0341 7936 LSI_FC - ok
12:44:18.0355 7936 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:44:18.0356 7936 LSI_SAS - ok
12:44:18.0376 7936 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:44:18.0376 7936 LSI_SAS2 - ok
12:44:18.0398 7936 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:44:18.0399 7936 LSI_SCSI - ok
12:44:18.0418 7936 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:44:18.0420 7936 luafv - ok
12:44:18.0460 7936 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:44:18.0461 7936 megasas - ok
12:44:18.0485 7936 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:44:18.0488 7936 MegaSR - ok
12:44:18.0509 7936 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:44:18.0510 7936 Modem - ok
12:44:18.0553 7936 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:44:18.0554 7936 monitor - ok
12:44:18.0578 7936 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:44:18.0579 7936 mouclass - ok
12:44:18.0602 7936 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:44:18.0603 7936 mouhid - ok
12:44:18.0622 7936 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:44:18.0623 7936 mountmgr - ok
12:44:18.0643 7936 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:44:18.0645 7936 mpio - ok
12:44:18.0662 7936 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:44:18.0663 7936 mpsdrv - ok
12:44:18.0683 7936 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:44:18.0685 7936 MRxDAV - ok
12:44:18.0714 7936 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:44:18.0716 7936 mrxsmb - ok
12:44:18.0754 7936 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:44:18.0757 7936 mrxsmb10 - ok
12:44:18.0775 7936 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:44:18.0776 7936 mrxsmb20 - ok
12:44:18.0796 7936 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:44:18.0796 7936 msahci - ok
12:44:18.0817 7936 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:44:18.0819 7936 msdsm - ok
12:44:18.0836 7936 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:44:18.0836 7936 Msfs - ok
12:44:18.0849 7936 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:44:18.0850 7936 mshidkmdf - ok
12:44:18.0865 7936 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:44:18.0866 7936 msisadrv - ok
12:44:18.0893 7936 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:44:18.0894 7936 MSKSSRV - ok
12:44:18.0912 7936 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:44:18.0912 7936 MSPCLOCK - ok
12:44:18.0928 7936 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:44:18.0929 7936 MSPQM - ok
12:44:18.0948 7936 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:44:18.0951 7936 MsRPC - ok
12:44:18.0960 7936 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:44:18.0960 7936 mssmbios - ok
12:44:18.0992 7936 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:44:18.0992 7936 MSTEE - ok
12:44:19.0109 7936 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:44:19.0110 7936 MTConfig - ok
12:44:19.0126 7936 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:44:19.0128 7936 Mup - ok
12:44:19.0160 7936 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:44:19.0163 7936 NativeWifiP - ok
12:44:19.0268 7936 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120122.004\ENG64.SYS
12:44:19.0270 7936 NAVENG - ok
12:44:19.0352 7936 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120122.004\EX64.SYS
12:44:19.0380 7936 NAVEX15 - ok
12:44:19.0433 7936 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:44:19.0442 7936 NDIS - ok
12:44:19.0457 7936 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:44:19.0458 7936 NdisCap - ok
12:44:19.0489 7936 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:44:19.0489 7936 NdisTapi - ok
12:44:19.0511 7936 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:44:19.0512 7936 Ndisuio - ok
12:44:19.0539 7936 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:44:19.0541 7936 NdisWan - ok
12:44:19.0563 7936 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:44:19.0564 7936 NDProxy - ok
12:44:19.0581 7936 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:44:19.0581 7936 NetBIOS - ok
12:44:19.0678 7936 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:44:19.0680 7936 NetBT - ok
12:44:19.0754 7936 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:44:19.0755 7936 nfrd960 - ok
12:44:19.0786 7936 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:44:19.0786 7936 Npfs - ok
12:44:19.0804 7936 NPPTNT2 - ok
12:44:19.0990 7936 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:44:19.0991 7936 nsiproxy - ok
12:44:20.0123 7936 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:44:20.0159 7936 Ntfs - ok
12:44:20.0178 7936 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:44:20.0179 7936 Null - ok
12:44:20.0220 7936 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:44:20.0221 7936 nvraid - ok
12:44:20.0244 7936 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:44:20.0246 7936 nvstor - ok
12:44:20.0266 7936 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:44:20.0268 7936 nv_agp - ok
12:44:20.0290 7936 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:44:20.0291 7936 ohci1394 - ok
12:44:20.0345 7936 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:44:20.0346 7936 Parport - ok
12:44:20.0364 7936 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:44:20.0365 7936 partmgr - ok
12:44:20.0388 7936 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:44:20.0390 7936 pci - ok
12:44:20.0409 7936 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:44:20.0410 7936 pciide - ok
12:44:20.0433 7936 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:44:20.0435 7936 pcmcia - ok
12:44:20.0458 7936 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:44:20.0459 7936 pcw - ok
12:44:20.0506 7936 PCWinSoft (65129b3eac0b0f630dc5eb4e9e28aeca) C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys
12:44:20.0508 7936 PCWinSoft - ok
12:44:20.0543 7936 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:44:20.0548 7936 PEAUTH - ok
12:44:20.0592 7936 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:44:20.0593 7936 PptpMiniport - ok
12:44:20.0611 7936 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:44:20.0612 7936 Processor - ok
12:44:20.0724 7936 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:44:20.0726 7936 Psched - ok
12:44:20.0809 7936 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:44:20.0811 7936 PxHlpa64 - ok
12:44:20.0867 7936 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:44:20.0903 7936 ql2300 - ok
12:44:20.0928 7936 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:44:20.0930 7936 ql40xx - ok
12:44:20.0953 7936 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:44:20.0954 7936 QWAVEdrv - ok
12:44:20.0974 7936 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:44:20.0975 7936 RasAcd - ok
12:44:20.0998 7936 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:44:20.0999 7936 RasAgileVpn - ok
12:44:21.0018 7936 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:44:21.0020 7936 Rasl2tp - ok
12:44:21.0037 7936 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:44:21.0038 7936 RasPppoe - ok
12:44:21.0053 7936 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:44:21.0054 7936 RasSstp - ok
12:44:21.0069 7936 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:44:21.0071 7936 rdbss - ok
12:44:21.0078 7936 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:44:21.0079 7936 rdpbus - ok
12:44:21.0106 7936 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:44:21.0107 7936 RDPCDD - ok
12:44:21.0126 7936 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:44:21.0127 7936 RDPENCDD - ok
12:44:21.0142 7936 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:44:21.0143 7936 RDPREFMP - ok
12:44:21.0173 7936 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:44:21.0175 7936 RDPWD - ok
12:44:21.0193 7936 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:44:21.0195 7936 rdyboost - ok
12:44:21.0222 7936 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:44:21.0223 7936 rspndr - ok
12:44:21.0276 7936 RTL8192su (4ce333ac701c4bd2e3eff721c0db2526) C:\Windows\system32\DRIVERS\RTL8192su.sys
12:44:21.0279 7936 RTL8192su - ok
12:44:21.0295 7936 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:44:21.0296 7936 sbp2port - ok
12:44:21.0313 7936 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:44:21.0313 7936 scfilter - ok
12:44:21.0366 7936 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:44:21.0367 7936 secdrv - ok
12:44:21.0386 7936 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:44:21.0387 7936 Serenum - ok
12:44:21.0410 7936 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:44:21.0412 7936 Serial - ok
12:44:21.0432 7936 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:44:21.0433 7936 sermouse - ok
12:44:21.0453 7936 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:44:21.0453 7936 sffdisk - ok
12:44:21.0462 7936 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:44:21.0463 7936 sffp_mmc - ok
12:44:21.0482 7936 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:44:21.0483 7936 sffp_sd - ok
12:44:21.0498 7936 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:44:21.0499 7936 sfloppy - ok
12:44:21.0536 7936 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:44:21.0537 7936 SiSRaid2 - ok
12:44:21.0552 7936 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:44:21.0554 7936 SiSRaid4 - ok
12:44:21.0584 7936 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:44:21.0586 7936 Smb - ok
12:44:21.0614 7936 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:44:21.0615 7936 spldr - ok
12:44:21.0710 7936 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
12:44:21.0715 7936 SRTSP - ok
12:44:21.0729 7936 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
12:44:21.0729 7936 SRTSPX - ok
12:44:21.0770 7936 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:44:21.0775 7936 srv - ok
12:44:21.0798 7936 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:44:21.0803 7936 srv2 - ok
12:44:21.0847 7936 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:44:21.0849 7936 srvnet - ok
12:44:21.0899 7936 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:44:21.0900 7936 stexstor - ok
12:44:21.0936 7936 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:44:21.0936 7936 swenum - ok
12:44:21.0966 7936 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
12:44:21.0969 7936 SymEFA - ok
12:44:22.0004 7936 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:44:22.0006 7936 SymEvent - ok
12:44:22.0026 7936 SYMFW (b4af6633ecd674b74bd4e80788299d2a) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS
12:44:22.0027 7936 SYMFW - ok
12:44:22.0077 7936 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
12:44:22.0079 7936 SymIM - ok
12:44:22.0093 7936 SYMNDISV (d451a05f7e7b9d1f9f8fb76b2a16d786) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS
12:44:22.0094 7936 SYMNDISV - ok
12:44:22.0129 7936 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
12:44:22.0132 7936 SYMTDI - ok
12:44:22.0222 7936 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:44:22.0251 7936 Tcpip - ok
12:44:22.0278 7936 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:44:22.0286 7936 TCPIP6 - ok
12:44:22.0324 7936 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:44:22.0325 7936 tcpipreg - ok
12:44:22.0345 7936 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:44:22.0345 7936 TDPIPE - ok
12:44:22.0365 7936 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:44:22.0365 7936 TDTCP - ok
12:44:22.0380 7936 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:44:22.0381 7936 tdx - ok
12:44:22.0401 7936 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:44:22.0403 7936 TermDD - ok
12:44:22.0439 7936 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:44:22.0440 7936 tssecsrv - ok
12:44:22.0464 7936 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:44:22.0466 7936 tunnel - ok
12:44:22.0489 7936 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:44:22.0490 7936 uagp35 - ok
12:44:22.0511 7936 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:44:22.0514 7936 udfs - ok
12:44:22.0551 7936 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:44:22.0552 7936 uliagpkx - ok
12:44:22.0570 7936 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:44:22.0571 7936 umbus - ok
12:44:22.0594 7936 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:44:22.0594 7936 UmPass - ok
12:44:22.0654 7936 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:44:22.0656 7936 USBAAPL64 - ok
12:44:22.0685 7936 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
12:44:22.0687 7936 usbaudio - ok
12:44:22.0724 7936 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
12:44:22.0725 7936 usbccgp - ok
12:44:22.0741 7936 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:44:22.0742 7936 usbcir - ok
12:44:22.0795 7936 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
12:44:22.0796 7936 usbehci - ok
12:44:22.0895 7936 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
12:44:22.0900 7936 usbhub - ok
12:44:22.0932 7936 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
12:44:22.0933 7936 usbohci - ok
12:44:22.0955 7936 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:44:22.0956 7936 usbprint - ok
12:44:22.0998 7936 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:44:22.0999 7936 usbscan - ok
12:44:23.0027 7936 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:44:23.0028 7936 USBSTOR - ok
12:44:23.0064 7936 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
12:44:23.0065 7936 usbuhci - ok
12:44:23.0134 7936 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
12:44:23.0137 7936 usbvideo - ok
12:44:23.0172 7936 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:44:23.0172 7936 vdrvroot - ok
12:44:23.0198 7936 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:44:23.0199 7936 vga - ok
12:44:23.0219 7936 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:44:23.0220 7936 VgaSave - ok
12:44:23.0239 7936 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:44:23.0241 7936 vhdmp - ok
12:44:23.0249 7936 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:44:23.0250 7936 viaide - ok
12:44:23.0266 7936 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:44:23.0267 7936 volmgr - ok
12:44:23.0281 7936 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:44:23.0284 7936 volmgrx - ok
12:44:23.0301 7936 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:44:23.0303 7936 volsnap - ok
12:44:23.0324 7936 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:44:23.0326 7936 vsmraid - ok
12:44:23.0341 7936 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:44:23.0341 7936 vwifibus - ok
12:44:23.0369 7936 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:44:23.0371 7936 vwififlt - ok
12:44:23.0395 7936 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:44:23.0395 7936 WacomPen - ok
12:44:23.0427 7936 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:44:23.0428 7936 WANARP - ok
12:44:23.0441 7936 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:44:23.0442 7936 Wanarpv6 - ok
12:44:23.0470 7936 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:44:23.0470 7936 Wd - ok
12:44:23.0500 7936 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:44:23.0503 7936 Wdf01000 - ok
12:44:23.0524 7936 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:44:23.0525 7936 WfpLwf - ok
12:44:23.0541 7936 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:44:23.0541 7936 WIMMount - ok
12:44:23.0614 7936 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
12:44:23.0614 7936 WinUsb - ok
12:44:23.0627 7936 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:44:23.0628 7936 WmiAcpi - ok
12:44:23.0696 7936 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:44:23.0696 7936 ws2ifsl - ok
12:44:23.0716 7936 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:44:23.0717 7936 WudfPf - ok
12:44:23.0731 7936 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:44:23.0732 7936 WUDFRd - ok
12:44:23.0760 7936 MBR (0x1B8) (98c463cba70ed23d2549b17f914eb467) \Device\Harddisk0\DR0
12:44:23.0779 7936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:44:23.0779 7936 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:44:23.0807 7936 Boot (0x1200) (4e7fb5fd9ff8afdeb6c96d7f2d6e1a56) \Device\Harddisk0\DR0\Partition0
12:44:23.0808 7936 \Device\Harddisk0\DR0\Partition0 - ok
12:44:23.0817 7936 Boot (0x1200) (55074309a8d867798b57f5c1c8313d65) \Device\Harddisk0\DR0\Partition1
12:44:23.0818 7936 \Device\Harddisk0\DR0\Partition1 - ok
12:44:23.0818 7936 ============================================================
12:44:23.0818 7936 Scan finished
12:44:23.0818 7936 ============================================================
12:44:23.0826 6616 Detected object count: 1
12:44:23.0826 6616 Actual detected object count: 1
12:44:27.0052 6616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:44:27.0052 6616 \Device\Harddisk0\DR0 - ok
12:44:27.0053 6616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:44:28.0971 6944 Deinitialize success

ComboFix 12-01-29.02 - Owner 01/29/2012 13:02:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6071.4274 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\9F05\1A1F.tmp
c:\program files (x86)\RewardsArcade
c:\program files (x86)\RewardsArcade\appAPIinternalWrapper.js
c:\program files (x86)\RewardsArcade\fb.js
c:\program files (x86)\RewardsArcade\jquery.js
c:\program files (x86)\RewardsArcade\json.js
c:\program files (x86)\RewardsArcade\RewardsArcade.dll
c:\program files (x86)\RewardsArcade\RewardsArcade.exe
c:\program files (x86)\RewardsArcade\Uninstall.exe
c:\program files (x86)\RewardsArcade\UserConfirmation.exe
c:\programdata\clq0s5m8gtwu
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mtokxmke.default\searchplugins\bing-zugo.xml
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 19:18 . 2012-01-29 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 18:52 . 2012-01-29 18:52 127 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\9F05\bl408348_64.bat
2012-01-29 18:49 . 2012-01-29 18:49 99840 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\9F05\4A86.tmp
2012-01-29 18:48 . 2012-01-29 18:48 -------- d-----w- c:\users\Owner\AppData\Roaming\FCCBE
2012-01-29 18:48 . 2012-01-29 18:48 -------- d-----w- c:\users\Owner\AppData\Roaming\5ACFC
2012-01-29 18:48 . 2012-01-29 18:52 282112 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\9F05\BA6.exe
2012-01-24 22:13 . 2012-01-24 22:13 -------- d-----w- c:\programdata\Premium
2012-01-24 22:12 . 2012-01-24 22:14 -------- d-----w- c:\programdata\InstallMate
2012-01-23 05:22 . 2012-01-23 05:22 -------- d-----w- c:\program files (x86)\FCCBE
2012-01-22 23:26 . 2012-01-22 23:26 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 23:26 . 2012-01-22 23:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-17 19:42 . 2012-01-29 00:32 -------- d-----w- c:\users\Owner\riotsGamesLogs
2012-01-17 19:42 . 2012-01-17 19:42 -------- d-----w- c:\users\Owner\AppData\Roaming\LolClient
2012-01-17 19:18 . 2012-01-17 19:18 -------- d-----w- C:\Riot Games
2012-01-17 19:03 . 2008-07-12 14:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-17 19:03 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-17 19:03 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-12 02:12 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 02:12 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 02:12 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 02:12 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 02:12 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 02:12 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 02:12 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 02:12 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-12 02:03 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-12 02:03 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-12 02:03 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-12 02:00 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-12 01:59 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-12 01:57 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 01:53 . 2012-01-12 01:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-10 17:00 . 2012-01-10 17:00 -------- d-----w- c:\users\Owner\AppData\Local\Symantec
2012-01-07 17:44 . 2012-01-07 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Ubisoft Game Launcher
2012-01-07 17:43 . 2012-01-07 17:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Ubisoft
2012-01-07 17:43 . 2012-01-07 17:43 -------- d-----w- c:\programdata\Ubisoft
2012-01-07 17:42 . 2012-01-07 17:42 -------- d-----w- c:\program files (x86)\Ubisoft
2012-01-07 17:42 . 2009-09-04 23:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-07 17:42 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-01-07 17:42 . 2009-09-04 23:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2012-01-07 17:42 . 2009-09-04 23:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-01-07 17:42 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-01-07 17:42 . 2009-09-04 23:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-01-05 21:58 . 2012-01-05 21:58 -------- d--h--w- c:\program files\iPod
2012-01-05 21:58 . 2012-01-21 16:41 -------- d-----w- c:\program files (x86)\iTunes
2012-01-05 21:58 . 2012-01-05 21:59 -------- d--h--w- c:\program files\iTunes
2012-01-05 21:56 . 2012-01-21 16:41 -------- d--h--w- c:\program files\Bonjour
2012-01-05 21:56 . 2012-01-05 21:57 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-30 22:48 . 2011-12-30 22:48 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-30 22:48 . 2011-12-30 22:48 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 22:48 . 2011-12-30 22:48 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-30 22:48 . 2011-12-30 22:48 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 19:24 . 2012-01-29 19:24 744448 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\9F05\9E91.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
"BA6.exe"="c:\users\Owner\AppData\Roaming\Microsoft\9F05\BA6.exe" [2012-01-29 282112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCWinSoft;ScreenCamera HR;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120126.003\IDSvia64.sys [2011-11-30 488568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-21 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 01:51]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 01:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-08 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-08 408600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v1j5k4901r25n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:60222
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mtokxmke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - Welcome to Facebook - Log In, Sign Up or Learn More
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111224&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60222
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-QimMTimICgL.exe - c:\programdata\QimMTimICgL.exe
Wow6432Node-HKLM-Run-BA6.exe - c:\program files (x86)\LP\9F05\BA6.exe
Toolbar-Locked - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{E85781E1-08F4-413E-86A1-CCEF4E1B12CB}\Best Buy Software Installer Setup.exe
AddRemove-RewardsArcade - c:\program files (x86)\RewardsArcade\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3278768672-221522244-4216984395-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3278768672-221522244-4216984395-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-01-29 13:33:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 19:33
.
Pre-Run: 827,995,308,032 bytes free
Post-Run: 829,659,537,408 bytes free
.
- - End Of File - - 7605F138C48E773DA3F130EDA0F1E769

Ried · Jan 30, 2012

Norton did not effectively remove it, but we'll get it in this round.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Open notepad and copy/paste the text in the code box below into it:

http://www.techsupportforum.com/forums/f50/windows-7-crazy-activity-626094.html#post3605714

Collect::
c:\users\Owner\AppData\Roaming\Microsoft\9F05\9E91.exe
c:\users\Owner\AppData\Roaming\Microsoft\9F05\BA6.exe
c:\users\Owner\AppData\Roaming\Microsoft\9F05\bl408348_64.bat
c:\users\Owner\AppData\Roaming\Microsoft\9F05\4A86.tmp

Folder::
c:\users\Owner\AppData\Roaming\Microsoft\9F05
c:\users\Owner\AppData\Roaming\FCCBE
c:\users\Owner\AppData\Roaming\5ACFC
c:\program files (x86)\FCCBE

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:60222

Firefox::
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60222
FF - prefs.js: network.proxy.type - 1

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

How is the machine behaving now?

Ferdinkle · Jan 31, 2012

Okay, I ran Combo Fix and the only real problem after I ran the fix was that my browser had set itself to use a proxy and it wouldn't display any webpages, so I set my proxy settings to No proxy. Other than that the machine is running much more smoothly, not to mention the boot up time has been virtually cut to nothing compared to what it was taking to boot up.

ComboFix 12-01-30.02 - Owner 01/30/2012 14:49:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6071.4172 [GMT -6:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FCCBE
c:\program files (x86)\LP
c:\program files (x86)\LP\9F05\BA6.exe
c:\users\Owner\AppData\Roaming\5ACFC
c:\users\Owner\AppData\Roaming\5ACFC\CCBE.ACF
c:\users\Owner\AppData\Roaming\FCCBE
c:\users\Owner\AppData\Roaming\firefox.exe
c:\users\Owner\AppData\Roaming\Microsoft\9F05
c:\users\Owner\AppData\Roaming\Microsoft\9F05\642E.tmp
c:\users\Owner\AppData\Roaming\Microsoft\9F05\6F18.tmp
c:\users\Owner\AppData\Roaming\Microsoft\9F05\711.tmp
c:\users\Owner\AppData\Roaming\Microsoft\9F05\80.tmp
c:\users\Owner\AppData\Roaming\Microsoft\9F05\9E91.tmp
c:\users\Owner\AppData\Roaming\Microsoft\9F05\BA6.exe
c:\users\Owner\AppData\Roaming\Microsoft\9F05\bl408348_64.bat
c:\users\Owner\AppData\Roaming\Microsoft\9F05\FD54.tmp
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 21:00 . 2012-01-30 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 22:13 . 2012-01-24 22:13 -------- d-----w- c:\programdata\Premium
2012-01-24 22:12 . 2012-01-24 22:14 -------- d-----w- c:\programdata\InstallMate
2012-01-22 23:26 . 2012-01-22 23:26 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 23:26 . 2012-01-22 23:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-17 19:42 . 2012-01-30 01:28 -------- d-----w- c:\users\Owner\riotsGamesLogs
2012-01-17 19:42 . 2012-01-17 19:42 -------- d-----w- c:\users\Owner\AppData\Roaming\LolClient
2012-01-17 19:18 . 2012-01-17 19:18 -------- d-----w- C:\Riot Games
2012-01-17 19:03 . 2008-07-12 14:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-17 19:03 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-17 19:03 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-12 02:12 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 02:12 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 02:12 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 02:12 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 02:12 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 02:12 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 02:12 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 02:12 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-12 02:03 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-12 02:03 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-12 02:03 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-12 02:00 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-12 01:59 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-12 01:57 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 01:53 . 2012-01-12 01:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-10 17:00 . 2012-01-10 17:00 -------- d-----w- c:\users\Owner\AppData\Local\Symantec
2012-01-07 17:44 . 2012-01-07 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Ubisoft Game Launcher
2012-01-07 17:43 . 2012-01-07 17:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Ubisoft
2012-01-07 17:43 . 2012-01-07 17:43 -------- d-----w- c:\programdata\Ubisoft
2012-01-07 17:42 . 2012-01-07 17:42 -------- d-----w- c:\program files (x86)\Ubisoft
2012-01-07 17:42 . 2009-09-04 23:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-07 17:42 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-01-07 17:42 . 2009-09-04 23:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2012-01-07 17:42 . 2009-09-04 23:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-01-07 17:42 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-01-07 17:42 . 2009-09-04 23:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-01-05 21:58 . 2012-01-05 21:58 -------- d--h--w- c:\program files\iPod
2012-01-05 21:58 . 2012-01-21 16:41 -------- d-----w- c:\program files (x86)\iTunes
2012-01-05 21:58 . 2012-01-05 21:59 -------- d--h--w- c:\program files\iTunes
2012-01-05 21:56 . 2012-01-21 16:41 -------- d--h--w- c:\program files\Bonjour
2012-01-05 21:56 . 2012-01-05 21:57 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [email protected]_19.20.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-16 10:00 . 2012-01-30 21:04 68762 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-30 21:04 36214 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-28 02:15 . 2012-01-30 21:04 24692 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3278768672-221522244-4216984395-1000_UserData.bin
+ 2009-12-29 02:41 . 2012-01-30 01:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-29 02:41 . 2012-01-24 17:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-29 02:41 . 2012-01-24 17:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-29 02:41 . 2012-01-30 01:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-24 17:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-30 01:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-29 21:35 . 2012-01-29 21:35 25600 c:\windows\Installer\7d4ba8.msi
- 2012-01-29 19:19 . 2012-01-29 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-30 21:01 . 2012-01-30 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-30 21:01 . 2012-01-30 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-29 19:19 . 2012-01-29 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-01-30 21:01 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-29 19:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-01-30 21:00 359608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-29 19:18 359608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-01-29 19:19 5013504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-30 21:01 5013504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-29 19:19 13451264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-30 21:01 13451264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-01-29 19:05 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-30 10:32 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-03-16 04:15 . 2012-01-30 21:00 26475108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3278768672-221522244-4216984395-1000-8192.dat
- 2010-03-16 04:15 . 2012-01-29 19:18 26475108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3278768672-221522244-4216984395-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"BA6.exe"="c:\program files (x86)\LP\9F05\BA6.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCWinSoft;ScreenCamera HR;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120126.003\IDSvia64.sys [2011-11-30 488568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-21 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 01:51]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 01:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-08 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-08 408600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v1j5k4901r25n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mtokxmke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - Welcome to Facebook - Log In, Sign Up or Learn More
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111224&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60222
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BA6.exe - c:\users\Owner\AppData\Roaming\Microsoft\9F05\BA6.exe
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3278768672-221522244-4216984395-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3278768672-221522244-4216984395-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-01-30 15:12:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 21:12
ComboFix2.txt 2012-01-29 19:33
.
Pre-Run: 828,446,773,248 bytes free
Post-Run: 828,012,498,944 bytes free
.
- - End Of File - - 3B5F90B4995F91872A308239D3F072AD
Upload was successful

Ried · Feb 1, 2012

One more time.

Open notepad and copy/paste the text in the code box below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BA6.exe"=-

Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mtokxmke.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60222
FF - prefs.js: network.proxy.type - 1

Save this as CFScript.txt, and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Refering to the picture above, drag CFScript into ComboFix.exe

Please post the C:\ComboFix.txt in your next reply.

===========================

After you've run the CFScript, it's important to run an online scan to search for any remnants that may be lurking. Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats' , then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

Ferdinkle · Feb 7, 2012

Okay, I finally got to run both of those and here are the results.

Ried · Feb 9, 2012

Hi,

It is recommended that you uninstall FrostWire 4.21.8. P2P downloads in particular, are a problem. Even if you are using a "safe" P2P program, it is only the program itself that is safe. You will be sharing files from uncertified sources, and these are often files that have been put up by the bad guys as a major conduit to spread their wares.

After you've uninstalled Frostwire, be sure the folder and the .exe have been deleted as well. You'll find them located in the following folders:

C:\Users\Owner\AppData\Roaming\FrostWire
C:\Users\Owner\Downloads\frostwire-4.21.3.windows.exe

=============================

Where did you download installer_exe_icon_changer_ from?

Ferdinkle · Feb 9, 2012

Okay, I have deleted Frostwire and everything that is frostwire related. Is there a way I can redownload frostwire and turn off certain things or is it just the whole nature of the program that can pose a risk to my pc? Also, The Icon changer was just a gadget I downloaded a long time ago on impulse and never got rid of it, I'm not even sure where I downloaded it probably some random google search result, but I have now deleted it.

Ried · Feb 10, 2012

It's the whole nature of the program. Plain and simply, you have no idea who you are getting your file from, nor are you able to verify exactly what is in the file.

If there aren't any more problems, we have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.

On your keyboard, press the Windows Logo key and the letter R to open the Run command box. Copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
WOT, Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE.
Scan here Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions for out of date & vulnerable common applications on your computer
BACKING UP YOUR REGISTRY
ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

Vista/Windows 7 users - see this link for proper setup of Erunt Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog

**Kindly respond one more time and let me know if we may consider this thread resolved.

Ferdinkle · Feb 11, 2012

Okay, So I tried to run the command to uninstall combo fix but the program is no longer even on my pc. Meanwhile I try to bring up my browser and do a google search on just about anything and it redirects me to stupid websites like "giftmaniac.com" and "foodpuma.com" after I search for thing like facebook.com and google.com. I ran Malwarebyte-Antimalware again and it picked up the Svchost.exe and deleted it and after the reboot I am still being redirected.

Ried · Feb 11, 2012

Then we need to start over. Run a new scan with TDSSKiller and allow it to update.

After the scan has completed, do NOT allow it to cure anything yet. Change the action to Skip and post the log for me please.

Ferdinkle · Feb 11, 2012

Looks like our little friend has snuck his way back onto my computer.

Ried · Feb 12, 2012

It sure has.

Download the latest ComboFix.exe from here and save it to the desktop. Don't run it yet.

Run TDSSKiller again and allow it to cure this time. After you reboot, disable your onboard AV and run ComboFix.exe.

Post both logs when done.

Ferdinkle · Feb 12, 2012

Okay, I ran both of them and here are the logs.

13:28:41.0537 1228 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:28:42.0702 1228 ============================================================
13:28:42.0702 1228 Current date / time: 2012/02/12 13:28:42.0702
13:28:42.0702 1228 SystemInfo:
13:28:42.0702 1228
13:28:42.0702 1228 OS Version: 6.1.7600 ServicePack: 0.0
13:28:42.0702 1228 Product type: Workstation
13:28:42.0702 1228 ComputerName: OWNER-PC
13:28:42.0702 1228 UserName: Owner
13:28:42.0702 1228 Windows directory: C:\Windows
13:28:42.0702 1228 System windows directory: C:\Windows
13:28:42.0702 1228 Running under WOW64
13:28:42.0702 1228 Processor architecture: Intel x64
13:28:42.0702 1228 Number of processors: 4
13:28:42.0702 1228 Page size: 0x1000
13:28:42.0703 1228 Boot type: Normal boot
13:28:42.0703 1228 ============================================================
13:28:43.0195 1228 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:28:43.0234 1228 \Device\Harddisk0\DR0:
13:28:43.0234 1228 MBR used
13:28:43.0234 1228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
13:28:43.0234 1228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x72ED3800
13:28:43.0313 1228 Initialize success
13:28:43.0313 1228 ============================================================
13:28:52.0798 4776 ============================================================
13:28:52.0799 4776 Scan started
13:28:52.0799 4776 Mode: Manual;
13:28:52.0799 4776 ============================================================
13:28:53.0288 4776 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:28:53.0292 4776 1394ohci - ok
13:28:53.0318 4776 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:28:53.0323 4776 ACPI - ok
13:28:53.0337 4776 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:28:53.0371 4776 AcpiPmi - ok
13:28:53.0425 4776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:28:53.0433 4776 adp94xx - ok
13:28:53.0462 4776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:28:53.0466 4776 adpahci - ok
13:28:53.0486 4776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:28:53.0489 4776 adpu320 - ok
13:28:53.0540 4776 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:28:53.0547 4776 AFD - ok
13:28:53.0576 4776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:28:53.0578 4776 agp440 - ok
13:28:53.0633 4776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:28:53.0635 4776 aliide - ok
13:28:53.0650 4776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:28:53.0652 4776 amdide - ok
13:28:53.0666 4776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:28:53.0670 4776 AmdK8 - ok
13:28:53.0843 4776 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
13:28:53.0988 4776 amdkmdag - ok
13:28:54.0009 4776 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:28:54.0010 4776 amdkmdap - ok
13:28:54.0045 4776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:28:54.0048 4776 AmdPPM - ok
13:28:54.0091 4776 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:28:54.0118 4776 amdsata - ok
13:28:54.0147 4776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:28:54.0151 4776 amdsbs - ok
13:28:54.0171 4776 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:28:54.0172 4776 amdxata - ok
13:28:54.0281 4776 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:28:54.0284 4776 AppID - ok
13:28:54.0332 4776 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:28:54.0335 4776 arc - ok
13:28:54.0352 4776 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:28:54.0355 4776 arcsas - ok
13:28:54.0390 4776 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:28:54.0393 4776 AsyncMac - ok
13:28:54.0413 4776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:28:54.0413 4776 atapi - ok
13:28:54.0522 4776 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:28:54.0540 4776 b06bdrv - ok
13:28:54.0624 4776 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:28:54.0645 4776 b57nd60a - ok
13:28:54.0732 4776 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:28:54.0734 4776 Beep - ok
13:28:54.0856 4776 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
13:28:54.0859 4776 BHDrvx64 - ok
13:28:54.0886 4776 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:28:54.0887 4776 blbdrive - ok
13:28:54.0932 4776 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:28:54.0934 4776 bowser - ok
13:28:54.0953 4776 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:28:54.0955 4776 BrFiltLo - ok
13:28:54.0962 4776 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:28:54.0964 4776 BrFiltUp - ok
13:28:54.0978 4776 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:28:54.0981 4776 BridgeMP - ok
13:28:55.0005 4776 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:28:55.0011 4776 Brserid - ok
13:28:55.0027 4776 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:28:55.0029 4776 BrSerWdm - ok
13:28:55.0037 4776 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:28:55.0039 4776 BrUsbMdm - ok
13:28:55.0053 4776 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:28:55.0054 4776 BrUsbSer - ok
13:28:55.0076 4776 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:28:55.0079 4776 BTHMODEM - ok
13:28:55.0188 4776 catchme - ok
13:28:55.0352 4776 ccHP (a2e6ab452b9393ca8d11d28827e0e1a1) C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
13:28:55.0358 4776 ccHP - ok
13:28:55.0386 4776 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:28:55.0389 4776 cdfs - ok
13:28:55.0432 4776 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:28:55.0434 4776 cdrom - ok
13:28:55.0462 4776 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:28:55.0464 4776 circlass - ok
13:28:55.0493 4776 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:28:55.0498 4776 CLFS - ok
13:28:55.0539 4776 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:28:55.0540 4776 CmBatt - ok
13:28:55.0549 4776 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:28:55.0551 4776 cmdide - ok
13:28:55.0585 4776 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:28:55.0589 4776 CNG - ok
13:28:55.0599 4776 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:28:55.0600 4776 Compbatt - ok
13:28:55.0614 4776 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:28:55.0615 4776 CompositeBus - ok
13:28:55.0624 4776 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:28:55.0644 4776 crcdisk - ok
13:28:55.0687 4776 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:28:55.0689 4776 DfsC - ok
13:28:55.0701 4776 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:28:55.0702 4776 discache - ok
13:28:55.0725 4776 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:28:55.0726 4776 Disk - ok
13:28:55.0768 4776 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:28:55.0770 4776 drmkaud - ok
13:28:55.0789 4776 dump_wmimmc - ok
13:28:55.0844 4776 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:28:55.0853 4776 DXGKrnl - ok
13:28:55.0898 4776 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
13:28:55.0901 4776 e1kexpress - ok
13:28:55.0919 4776 EagleX64 - ok
13:28:56.0008 4776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:28:56.0100 4776 ebdrv - ok
13:28:56.0195 4776 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:28:56.0200 4776 eeCtrl - ok
13:28:56.0245 4776 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:28:56.0252 4776 elxstor - ok
13:28:56.0315 4776 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:28:56.0317 4776 EraserUtilRebootDrv - ok
13:28:56.0337 4776 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:28:56.0339 4776 ErrDev - ok
13:28:56.0364 4776 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:28:56.0368 4776 exfat - ok
13:28:56.0389 4776 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:28:56.0401 4776 fastfat - ok
13:28:56.0437 4776 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:28:56.0439 4776 fdc - ok
13:28:56.0467 4776 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:28:56.0468 4776 FileInfo - ok
13:28:56.0480 4776 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:28:56.0481 4776 Filetrace - ok
13:28:56.0498 4776 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:28:56.0499 4776 flpydisk - ok
13:28:56.0522 4776 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:28:56.0525 4776 FltMgr - ok
13:28:56.0546 4776 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:28:56.0547 4776 FsDepends - ok
13:28:56.0557 4776 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:28:56.0557 4776 Fs_Rec - ok
13:28:56.0594 4776 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:28:56.0597 4776 fvevol - ok
13:28:56.0608 4776 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:28:56.0610 4776 gagp30kx - ok
13:28:56.0656 4776 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:28:56.0657 4776 GEARAspiWDM - ok
13:28:56.0708 4776 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:28:56.0710 4776 hcw85cir - ok
13:28:56.0730 4776 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:28:56.0735 4776 HdAudAddService - ok
13:28:56.0756 4776 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:28:56.0758 4776 HDAudBus - ok
13:28:56.0803 4776 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:28:56.0804 4776 HECIx64 - ok
13:28:56.0814 4776 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:28:56.0815 4776 HidBatt - ok
13:28:56.0833 4776 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:28:56.0845 4776 HidBth - ok
13:28:56.0870 4776 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:28:56.0872 4776 HidIr - ok
13:28:56.0912 4776 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:28:56.0913 4776 HidUsb - ok
13:28:56.0939 4776 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:28:56.0942 4776 HpSAMD - ok
13:28:56.0972 4776 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:28:56.0980 4776 HTTP - ok
13:28:57.0006 4776 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:28:57.0006 4776 hwpolicy - ok
13:28:57.0035 4776 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:28:57.0037 4776 i8042prt - ok
13:28:57.0090 4776 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
13:28:57.0093 4776 iaStor - ok
13:28:57.0134 4776 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:28:57.0139 4776 iaStorV - ok
13:28:57.0258 4776 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120210.002\IDSvia64.sys
13:28:57.0262 4776 IDSVia64 - ok
13:28:57.0434 4776 igfx (404548917acaaa314165c2882b045c94) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:28:57.0614 4776 igfx - ok
13:28:57.0650 4776 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:28:57.0651 4776 iirsp - ok
13:28:57.0732 4776 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
13:28:57.0750 4776 IntcAzAudAddService - ok
13:28:57.0812 4776 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:28:57.0846 4776 IntcDAud - ok
13:28:57.0870 4776 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:28:57.0872 4776 intelide - ok
13:28:57.0885 4776 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:28:57.0886 4776 intelppm - ok
13:28:57.0901 4776 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:28:57.0912 4776 IpFilterDriver - ok
13:28:57.0931 4776 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:28:57.0934 4776 IPMIDRV - ok
13:28:57.0943 4776 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:28:57.0947 4776 IPNAT - ok
13:28:57.0994 4776 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:28:57.0996 4776 IRENUM - ok
13:28:58.0014 4776 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:28:58.0017 4776 isapnp - ok
13:28:58.0041 4776 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:28:58.0045 4776 iScsiPrt - ok
13:28:58.0087 4776 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys
13:28:58.0088 4776 JRAID - ok
13:28:58.0106 4776 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:28:58.0107 4776 kbdclass - ok
13:28:58.0132 4776 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:28:58.0133 4776 kbdhid - ok
13:28:58.0166 4776 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:28:58.0167 4776 KSecDD - ok
13:28:58.0181 4776 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:28:58.0184 4776 KSecPkg - ok
13:28:58.0198 4776 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:28:58.0199 4776 ksthunk - ok
13:28:58.0234 4776 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:28:58.0235 4776 lltdio - ok
13:28:58.0286 4776 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:28:58.0289 4776 LSI_FC - ok
13:28:58.0308 4776 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:28:58.0311 4776 LSI_SAS - ok
13:28:58.0325 4776 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:28:58.0327 4776 LSI_SAS2 - ok
13:28:58.0341 4776 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:28:58.0344 4776 LSI_SCSI - ok
13:28:58.0355 4776 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:28:58.0357 4776 luafv - ok
13:28:58.0372 4776 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:28:58.0382 4776 megasas - ok
13:28:58.0401 4776 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:28:58.0405 4776 MegaSR - ok
13:28:58.0425 4776 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:28:58.0426 4776 Modem - ok
13:28:58.0468 4776 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:28:58.0468 4776 monitor - ok
13:28:58.0493 4776 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:28:58.0494 4776 mouclass - ok
13:28:58.0506 4776 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:28:58.0507 4776 mouhid - ok
13:28:58.0526 4776 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:28:58.0527 4776 mountmgr - ok
13:28:58.0546 4776 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:28:58.0549 4776 mpio - ok
13:28:58.0565 4776 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:28:58.0567 4776 mpsdrv - ok
13:28:58.0582 4776 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:28:58.0585 4776 MRxDAV - ok
13:28:58.0617 4776 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:28:58.0619 4776 mrxsmb - ok
13:28:58.0647 4776 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:28:58.0650 4776 mrxsmb10 - ok
13:28:58.0668 4776 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:28:58.0669 4776 mrxsmb20 - ok
13:28:58.0688 4776 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:28:58.0688 4776 msahci - ok
13:28:58.0707 4776 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:28:58.0710 4776 msdsm - ok
13:28:58.0728 4776 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:28:58.0729 4776 Msfs - ok
13:28:58.0736 4776 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:28:58.0737 4776 mshidkmdf - ok
13:28:58.0758 4776 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:28:58.0758 4776 msisadrv - ok
13:28:58.0785 4776 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:28:58.0787 4776 MSKSSRV - ok
13:28:58.0794 4776 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:28:58.0795 4776 MSPCLOCK - ok
13:28:58.0813 4776 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:28:58.0815 4776 MSPQM - ok
13:28:58.0830 4776 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:28:58.0833 4776 MsRPC - ok
13:28:58.0842 4776 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:28:58.0843 4776 mssmbios - ok
13:28:58.0858 4776 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:28:58.0860 4776 MSTEE - ok
13:28:58.0894 4776 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:28:58.0895 4776 MTConfig - ok
13:28:58.0907 4776 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:28:58.0908 4776 Mup - ok
13:28:58.0930 4776 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:28:58.0933 4776 NativeWifiP - ok
13:28:59.0033 4776 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120211.006\ENG64.SYS
13:28:59.0034 4776 NAVENG - ok
13:28:59.0092 4776 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120211.006\EX64.SYS
13:28:59.0110 4776 NAVEX15 - ok
13:28:59.0161 4776 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:28:59.0174 4776 NDIS - ok
13:28:59.0196 4776 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:28:59.0199 4776 NdisCap - ok
13:28:59.0226 4776 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:28:59.0227 4776 NdisTapi - ok
13:28:59.0248 4776 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:28:59.0249 4776 Ndisuio - ok
13:28:59.0266 4776 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:28:59.0268 4776 NdisWan - ok
13:28:59.0289 4776 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:28:59.0291 4776 NDProxy - ok
13:28:59.0307 4776 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:28:59.0308 4776 NetBIOS - ok
13:28:59.0327 4776 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:28:59.0330 4776 NetBT - ok
13:28:59.0401 4776 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:28:59.0418 4776 nfrd960 - ok
13:28:59.0467 4776 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:28:59.0468 4776 Npfs - ok
13:28:59.0485 4776 NPPTNT2 - ok
13:28:59.0504 4776 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:28:59.0505 4776 nsiproxy - ok
13:28:59.0571 4776 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:28:59.0616 4776 Ntfs - ok
13:28:59.0637 4776 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:28:59.0638 4776 Null - ok
13:28:59.0674 4776 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:28:59.0677 4776 nvraid - ok
13:28:59.0697 4776 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:28:59.0701 4776 nvstor - ok
13:28:59.0718 4776 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:28:59.0720 4776 nv_agp - ok
13:28:59.0736 4776 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:28:59.0738 4776 ohci1394 - ok
13:28:59.0779 4776 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:28:59.0796 4776 Parport - ok
13:28:59.0823 4776 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:28:59.0824 4776 partmgr - ok
13:28:59.0848 4776 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:28:59.0850 4776 pci - ok
13:28:59.0869 4776 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:28:59.0870 4776 pciide - ok
13:28:59.0892 4776 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:28:59.0895 4776 pcmcia - ok
13:28:59.0918 4776 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:28:59.0918 4776 pcw - ok
13:28:59.0948 4776 PCWinSoft (65129b3eac0b0f630dc5eb4e9e28aeca) C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys
13:28:59.0975 4776 PCWinSoft - ok
13:28:59.0994 4776 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:29:00.0000 4776 PEAUTH - ok
13:29:00.0040 4776 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:29:00.0041 4776 PptpMiniport - ok
13:29:00.0059 4776 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:29:00.0061 4776 Processor - ok
13:29:00.0082 4776 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:29:00.0084 4776 Psched - ok
13:29:00.0124 4776 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:29:00.0125 4776 PxHlpa64 - ok
13:29:00.0172 4776 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:29:00.0215 4776 ql2300 - ok
13:29:00.0243 4776 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:29:00.0247 4776 ql40xx - ok
13:29:00.0267 4776 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:29:00.0269 4776 QWAVEdrv - ok
13:29:00.0287 4776 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:29:00.0306 4776 RasAcd - ok
13:29:00.0335 4776 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:29:00.0337 4776 RasAgileVpn - ok
13:29:00.0356 4776 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:29:00.0358 4776 Rasl2tp - ok
13:29:00.0385 4776 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:29:00.0387 4776 RasPppoe - ok
13:29:00.0401 4776 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:29:00.0403 4776 RasSstp - ok
13:29:00.0429 4776 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:29:00.0434 4776 rdbss - ok
13:29:00.0455 4776 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:29:00.0473 4776 rdpbus - ok
13:29:00.0498 4776 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:29:00.0499 4776 RDPCDD - ok
13:29:00.0518 4776 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:29:00.0519 4776 RDPENCDD - ok
13:29:00.0534 4776 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:29:00.0535 4776 RDPREFMP - ok
13:29:00.0555 4776 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:29:00.0560 4776 RDPWD - ok
13:29:00.0586 4776 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:29:00.0588 4776 rdyboost - ok
13:29:00.0625 4776 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:29:00.0627 4776 rspndr - ok
13:29:00.0684 4776 RTL8192su (4ce333ac701c4bd2e3eff721c0db2526) C:\Windows\system32\DRIVERS\RTL8192su.sys
13:29:00.0718 4776 RTL8192su - ok
13:29:00.0754 4776 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:29:00.0757 4776 sbp2port - ok
13:29:00.0771 4776 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:29:00.0772 4776 scfilter - ok
13:29:00.0828 4776 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:29:00.0828 4776 secdrv - ok
13:29:00.0864 4776 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:29:00.0865 4776 Serenum - ok
13:29:00.0881 4776 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:29:00.0883 4776 Serial - ok
13:29:00.0895 4776 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:29:00.0908 4776 sermouse - ok
13:29:00.0934 4776 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:29:00.0935 4776 sffdisk - ok
13:29:00.0950 4776 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:29:00.0952 4776 sffp_mmc - ok
13:29:00.0963 4776 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:29:00.0965 4776 sffp_sd - ok
13:29:00.0979 4776 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:29:00.0981 4776 sfloppy - ok
13:29:01.0029 4776 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:29:01.0030 4776 SiSRaid2 - ok
13:29:01.0045 4776 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:29:01.0047 4776 SiSRaid4 - ok
13:29:01.0077 4776 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:29:01.0079 4776 Smb - ok
13:29:01.0107 4776 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:29:01.0107 4776 spldr - ok
13:29:01.0182 4776 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
13:29:01.0187 4776 SRTSP - ok
13:29:01.0199 4776 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
13:29:01.0200 4776 SRTSPX - ok
13:29:01.0242 4776 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:29:01.0248 4776 srv - ok
13:29:01.0280 4776 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:29:01.0284 4776 srv2 - ok
13:29:01.0329 4776 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:29:01.0331 4776 srvnet - ok
13:29:01.0358 4776 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:29:01.0360 4776 stexstor - ok
13:29:01.0384 4776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:29:01.0384 4776 swenum - ok
13:29:01.0416 4776 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
13:29:01.0421 4776 SymEFA - ok
13:29:01.0463 4776 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:29:01.0465 4776 SymEvent - ok
13:29:01.0485 4776 SYMFW (b4af6633ecd674b74bd4e80788299d2a) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS
13:29:01.0486 4776 SYMFW - ok
13:29:01.0514 4776 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
13:29:01.0515 4776 SymIM - ok
13:29:01.0530 4776 SYMNDISV (d451a05f7e7b9d1f9f8fb76b2a16d786) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS
13:29:01.0531 4776 SYMNDISV - ok
13:29:01.0555 4776 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
13:29:01.0557 4776 SYMTDI - ok
13:29:01.0628 4776 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:29:01.0668 4776 Tcpip - ok
13:29:01.0719 4776 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:29:01.0730 4776 TCPIP6 - ok
13:29:01.0771 4776 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:29:01.0772 4776 tcpipreg - ok
13:29:01.0792 4776 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:29:01.0811 4776 TDPIPE - ok
13:29:01.0835 4776 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:29:01.0836 4776 TDTCP - ok
13:29:01.0861 4776 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:29:01.0863 4776 tdx - ok
13:29:01.0882 4776 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:29:01.0883 4776 TermDD - ok
13:29:01.0903 4776 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:29:01.0904 4776 tssecsrv - ok
13:29:01.0923 4776 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:29:01.0925 4776 tunnel - ok
13:29:01.0937 4776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:29:01.0939 4776 uagp35 - ok
13:29:01.0959 4776 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:29:01.0963 4776 udfs - ok
13:29:01.0999 4776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:29:02.0001 4776 uliagpkx - ok
13:29:02.0018 4776 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:29:02.0019 4776 umbus - ok
13:29:02.0042 4776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:29:02.0043 4776 UmPass - ok
13:29:02.0113 4776 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:29:02.0115 4776 USBAAPL64 - ok
13:29:02.0156 4776 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:29:02.0158 4776 usbaudio - ok
13:29:02.0179 4776 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:29:02.0182 4776 usbccgp - ok
13:29:02.0212 4776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:29:02.0231 4776 usbcir - ok
13:29:02.0255 4776 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
13:29:02.0256 4776 usbehci - ok
13:29:02.0287 4776 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:29:02.0292 4776 usbhub - ok
13:29:02.0336 4776 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:29:02.0364 4776 usbohci - ok
13:29:02.0380 4776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:29:02.0383 4776 usbprint - ok
13:29:02.0412 4776 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:29:02.0427 4776 usbscan - ok
13:29:02.0464 4776 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:29:02.0466 4776 USBSTOR - ok
13:29:02.0501 4776 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
13:29:02.0524 4776 usbuhci - ok
13:29:02.0579 4776 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
13:29:02.0611 4776 usbvideo - ok
13:29:02.0642 4776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:29:02.0643 4776 vdrvroot - ok
13:29:02.0664 4776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:29:02.0666 4776 vga - ok
13:29:02.0690 4776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:29:02.0691 4776 VgaSave - ok
13:29:02.0717 4776 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:29:02.0722 4776 vhdmp - ok
13:29:02.0730 4776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:29:02.0732 4776 viaide - ok
13:29:02.0747 4776 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:29:02.0749 4776 volmgr - ok
13:29:02.0775 4776 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:29:02.0780 4776 volmgrx - ok
13:29:02.0793 4776 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:29:02.0797 4776 volsnap - ok
13:29:02.0838 4776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:29:02.0859 4776 vsmraid - ok
13:29:02.0904 4776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:29:02.0906 4776 vwifibus - ok
13:29:02.0929 4776 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:29:02.0930 4776 vwififlt - ok
13:29:02.0965 4776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:29:02.0967 4776 WacomPen - ok
13:29:03.0009 4776 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:03.0010 4776 WANARP - ok
13:29:03.0015 4776 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:03.0017 4776 Wanarpv6 - ok
13:29:03.0118 4776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:29:03.0120 4776 Wd - ok
13:29:03.0148 4776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:29:03.0155 4776 Wdf01000 - ok
13:29:03.0195 4776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:29:03.0195 4776 WfpLwf - ok
13:29:03.0211 4776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:29:03.0239 4776 WIMMount - ok
13:29:03.0328 4776 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:29:03.0330 4776 WinUsb - ok
13:29:03.0346 4776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:29:03.0347 4776 WmiAcpi - ok
13:29:03.0379 4776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:29:03.0380 4776 ws2ifsl - ok
13:29:03.0420 4776 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:29:03.0421 4776 WudfPf - ok
13:29:03.0435 4776 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:29:03.0437 4776 WUDFRd - ok
13:29:03.0452 4776 MBR (0x1B8) (98c463cba70ed23d2549b17f914eb467) \Device\Harddisk0\DR0
13:29:03.0471 4776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:29:03.0471 4776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:29:03.0499 4776 Boot (0x1200) (4e7fb5fd9ff8afdeb6c96d7f2d6e1a56) \Device\Harddisk0\DR0\Partition0
13:29:03.0500 4776 \Device\Harddisk0\DR0\Partition0 - ok
13:29:03.0509 4776 Boot (0x1200) (55074309a8d867798b57f5c1c8313d65) \Device\Harddisk0\DR0\Partition1
13:29:03.0510 4776 \Device\Harddisk0\DR0\Partition1 - ok
13:29:03.0510 4776 ============================================================
13:29:03.0510 4776 Scan finished
13:29:03.0510 4776 ============================================================
13:29:03.0518 5828 Detected object count: 1
13:29:03.0518 5828 Actual detected object count: 1
13:29:07.0740 5828 \Device\Harddisk0\DR0\# - copied to quarantine
13:29:07.0742 5828 \Device\Harddisk0\DR0 - copied to quarantine
13:29:07.0774 5828 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:29:08.0084 5828 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:29:08.0137 5828 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
13:29:08.0205 5828 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:29:08.0251 5828 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:29:08.0278 5828 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:29:08.0281 5828 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:29:08.0283 5828 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:29:08.0287 5828 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:29:08.0301 5828 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:29:08.0318 5828 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:29:08.0324 5828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:29:08.0325 5828 \Device\Harddisk0\DR0 - ok
13:29:08.0547 5828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:29:12.0208 5116 Deinitialize success

ComboFix 12-02-12.01 - Owner 02/12/2012 13:42:17.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6071.4489 [GMT -6:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 19:53 . 2012-02-12 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 19:29 . 2012-02-12 19:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 18:10 . 2012-02-07 18:10 -------- d-----w- c:\program files (x86)\ESET
2012-01-24 22:13 . 2012-01-24 22:13 -------- d-----w- c:\programdata\Premium
2012-01-24 22:12 . 2012-01-24 22:14 -------- d-----w- c:\programdata\InstallMate
2012-01-22 23:26 . 2012-01-22 23:26 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 23:26 . 2012-01-22 23:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-17 19:42 . 2012-02-11 20:50 -------- d-----w- c:\users\Owner\riotsGamesLogs
2012-01-17 19:42 . 2012-01-17 19:42 -------- d-----w- c:\users\Owner\AppData\Roaming\LolClient
2012-01-17 19:18 . 2012-01-17 19:18 -------- d-----w- C:\Riot Games
2012-01-17 19:03 . 2008-07-12 14:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-17 19:03 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-17 19:03 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 18:00 . 2012-02-10 18:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C297.tmp
2012-02-10 18:00 . 2012-02-10 18:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C296.tmp
2011-11-24 05:00 . 2012-01-12 01:57 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-12 02:12 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-12 02:12 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 07:14 . 2012-01-12 02:12 1739160 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:41 . 2012-01-12 02:12 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-06_20.58.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-16 10:00 . 2012-02-12 19:58 70326 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-12 19:58 36366 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-28 02:15 . 2012-02-12 19:58 25176 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3278768672-221522244-4216984395-1000_UserData.bin
- 2009-12-29 02:41 . 2012-01-30 01:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-29 02:41 . 2012-02-09 17:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-29 02:41 . 2012-02-09 17:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-29 02:41 . 2012-01-30 01:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-09 17:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-30 01:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-12 19:55 . 2012-02-12 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-06 20:57 . 2012-02-06 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-12 19:55 . 2012-02-12 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-06 20:57 . 2012-02-06 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-12 22:06 . 2012-01-23 03:37 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-12 22:06 . 2012-02-12 19:26 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-12 19:55 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-06 20:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-02-12 19:53 359608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-06 20:56 359608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-02-12 19:55 5013504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-06 20:57 5013504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-19 03:20 . 2012-01-29 18:44 3822520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3278768672-221522244-4216984395-1000-12288.dat
+ 2011-03-19 03:20 . 2012-02-12 19:29 3822520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3278768672-221522244-4216984395-1000-12288.dat
- 2009-07-14 04:54 . 2012-02-06 20:57 13451264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-12 19:55 13451264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-02-06 14:56 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-12 17:56 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-03-16 04:15 . 2012-02-12 19:53 27095348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3278768672-221522244-4216984395-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCWinSoft;ScreenCamera HR;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120210.002\IDSvia64.sys [2011-11-30 488568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 01:51]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 01:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-08 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-08 408600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0395v1j5k4901r25n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mtokxmke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - Welcome to Facebook - Log In, Sign Up or Learn More
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111224&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3278768672-221522244-4216984395-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3278768672-221522244-4216984395-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-02-12 14:08:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 20:08
ComboFix2.txt 2012-02-07 17:12
ComboFix3.txt 2012-01-30 21:13
ComboFix4.txt 2012-01-29 19:33
.
Pre-Run: 830,623,412,224 bytes free
Post-Run: 830,375,432,192 bytes free
.
- - End Of File - - E32109379D71163C880703F6E8B249F7

Ried · Feb 13, 2012

Is this proxy deliberately set by you for one of your programs?

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

Windows 7 Crazy Activity

Ferdinkle

Attachments

Ferdinkle

Ferdinkle

Ried

Ferdinkle

Attachments

Ried

Ferdinkle

Attachments

Ried

Ferdinkle

Attachments

Ried

Ferdinkle

Attachments

Ried

Ferdinkle

Ried

Ferdinkle

Ried

Ferdinkle

Attachments

Ried

Ferdinkle

Attachments

Ried

Top Contributors this Month