Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

?router / dns / mitm / malware problem. Please help

malware dns

  • Please log in to reply

#1
Patrick_M

Patrick_M

    New Member

  • Member
  • Pip
  • 2 posts

Hey all, haign a terrible time in last 2days with laptops, hope someone can help, have my final exams starting i mornign and need peace of midn + laptop...

 

Ok, There are 2 laptop on home network.

 

Device 1: My laptop

Device 2: Brand new, a week old and only used for Word and Facebook. Parent owns it.

 

I was online 2days ago, and was on some sites probably led to this.. looking up about malware etc. Learning.

 

I was then on just on google and got a popup notification.

.i4MDpzl.png

 

 

I left this and it disappeared after 20seconds. it had adobe Flash icon on the button in taskbar,, i done full scans and deleted all programs did not use.. i done scans with a good few software and seemed to be some malware for httpserver and dns. Even though it said i was connected to the net, all my pages were not loading, saying dns wrong etc...

 

I also sent my friend a privnote message on facebook, which destructs after its read.. he came onto me 25minutes after and asked did i read it as someone had..my messages to people showed up on facebook then were gone.. then i was getting peoples comments in mail twice.. i done an update on windows, and when i restarted i was asked twice for certificates for websites, i've never been asked that before, and said remote desktop something.  So I worried it MITM attack..

 

That is Device one. That laptop is not as concern now as  I have formatted the HD as I want to use the disk for new laptp I am ettign next week.

 

 

So Device Two:

As device 1 was now fully formatted i was using device two the following day (yesterday) I rang my ISP to reset the router to factory settings which they did. And I was able to log on to the router. The only sites i was on were router /isp / facebook and sme news channels.

 

At roughly the same time as the night before I got the popup i showed above but this time n the parents laptop.. again it disappered after 20seconds...when i went back Facebook and clicked, i was taken to facebook log in screen, i was flickign back n forth through facebookall dy and was not logged out and it happen immediately after this popup..

 

I am wondering could there be a problem with the router?

Does this sound strange to you?

 

Here is wat I have since done... I just went off the net immediately...

 

Device two is a packard bell, i only had about 30documnts on it.. so I went to an option and completely reinstalled the OS. Took about 5hrs to complete. I pressed 'reset' on the router, and also flushed the DNS on device two once i booed it up.

 

My main concern is that i cnt change the password to log into the router via http until tomorrow when the ISP company is open.. i dont knw how this works really so not sure if person might still be able access router... even though i reset it, he will have password if seen it from last time it was entered...

Could someone give me advice on that, and also check my new logs of device 2? Rem i just done these logs 1hr after reinstall and puttin ruter back n after reset...Im paranoid now later on it will be same again.Any help is great. peace of mind as I have my final exams next week.

 

 

Also when my ISP reset router and passowrd i coudl broswe to defalt gateway reached login screen but didtn login, now it wont load, also when I try go to facebook via their IP it times out..

 

I done netstat- a and there are many listenng ports.. with browsers closed..find pic attched.

 

 

 

and soem strange stuff. Also on TCPView a lot of packets beign sent from laptop via netbios.

 

eBzehCn.png any help would be great...

 

 

Also just a few minutes ago i got messges for site certificates whcih i screenshotted... i have no idea what else to do or who to ask...

 

 

OTL:

OTL logfile created on: 01/03/2015 22:14:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\martha\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 34.12% Memory free
7.89 Gb Paging File | 5.35 Gb Available in Paging File | 67.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.06 Gb Total Space | 417.57 Gb Free Space | 92.99% Space Free | Partition Type: NTFS
 
Computer Name: MAR | User Name: martha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2015/03/01 21:56:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martha\Downloads\OTL.exe
PRC - [2015/02/23 10:49:51 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/19 21:59:52 | 000,090,880 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
PRC - [2014/12/19 21:59:52 | 000,089,344 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
PRC - [2014/12/19 21:16:44 | 000,062,208 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
PRC - [2014/12/19 13:16:59 | 009,191,168 | ---- | M] (Acer Cloud Technology) -- C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
PRC - [2014/12/19 13:15:49 | 002,713,856 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
PRC - [2014/08/21 22:25:12 | 000,441,344 | ---- | M] () -- C:\Program Files (x86)\Nmap\zenmap.exe
PRC - [2014/03/21 12:34:16 | 000,259,304 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerWinMonitor.exe
PRC - [2013/10/08 12:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2013/09/05 14:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/25 11:40:56 | 000,300,832 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\martha\AppData\Local\Temp\Rar$EXa0.097\Tcpview.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2015/03/01 08:19:34 | 000,015,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
MOD - [2015/01/07 18:10:00 | 000,630,528 | ---- | M] () -- C:\Program Files (x86)\Acer\abMedia\tag.dll
MOD - [2015/01/07 18:09:58 | 000,654,552 | ---- | M] () -- C:\Program Files (x86)\Acer\abMedia\sqlite3.dll
MOD - [2015/01/07 18:09:52 | 000,119,552 | ---- | M] () -- C:\Program Files (x86)\Acer\abMedia\openldap.dll
MOD - [2015/01/07 18:09:32 | 000,203,008 | ---- | M] () -- C:\Program Files (x86)\Acer\abMedia\curllib.dll
MOD - [2014/12/19 22:00:22 | 000,279,296 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\libcurl.dll
MOD - [2014/12/19 21:59:52 | 000,090,880 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
MOD - [2014/12/19 21:59:52 | 000,089,344 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
MOD - [2014/12/19 21:16:48 | 000,013,568 | ---- | M] () -- C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
MOD - [2014/12/19 21:10:32 | 000,277,096 | ---- | M] () -- C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
MOD - [2014/08/21 22:25:12 | 001,882,624 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\gtk._gtk.pyd
MOD - [2014/08/21 22:25:12 | 001,294,335 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\libcairo-2.dll
MOD - [2014/08/21 22:25:12 | 001,160,704 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\_ssl.pyd
MOD - [2014/08/21 22:25:12 | 000,715,264 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\_hashlib.pyd
MOD - [2014/08/21 22:25:12 | 000,538,324 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\freetype6.dll
MOD - [2014/08/21 22:25:12 | 000,441,344 | ---- | M] () -- C:\Program Files (x86)\Nmap\zenmap.exe
MOD - [2014/08/21 22:25:12 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\libfontconfig-1.dll
MOD - [2014/08/21 22:25:12 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\gio._gio.pyd
MOD - [2014/08/21 22:25:12 | 000,230,529 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\libpng14-14.dll
MOD - [2014/08/21 22:25:12 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\atk.pyd
MOD - [2014/08/21 22:25:12 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\libexpat-1.dll
MOD - [2014/08/21 22:25:12 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\pyexpat.pyd
MOD - [2014/08/21 22:25:12 | 000,113,152 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\gobject._gobject.pyd
MOD - [2014/08/21 22:25:12 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\pango.pyd
MOD - [2014/08/21 22:25:12 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\zlib1.dll
MOD - [2014/08/21 22:25:12 | 000,100,255 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2014/08/21 22:25:12 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\cairo._cairo.pyd
MOD - [2014/08/21 22:25:12 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\glib._glib.pyd
MOD - [2014/08/21 22:25:12 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\_socket.pyd
MOD - [2014/08/21 22:25:12 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Nmap\py2exe\pangocairo.pyd
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014/06/25 16:34:22 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2014/06/25 16:34:22 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/03/21 15:07:36 | 000,449,768 | ---- | M] (Acer Incorporate) [On_Demand | Running] -- C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe -- (RMSvc)
SRV:[b]64bit:[/b] - [2014/03/21 15:07:30 | 000,457,960 | ---- | M] (Acer Incorporate) [On_Demand | Running] -- C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe -- (QASvc)
SRV:[b]64bit:[/b] - [2014/03/21 12:34:12 | 002,573,544 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:24 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:21 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:13 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:12 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:08 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:06 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:06 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:04 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:04 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:04 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:03 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/03/18 09:49:00 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/03/18 06:20:08 | 000,282,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:[b]64bit:[/b] - [2014/03/17 11:07:32 | 000,459,496 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe -- (LMSvc)
SRV:[b]64bit:[/b] - [2014/03/06 05:42:58 | 001,305,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2013/08/22 12:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2013/08/22 09:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2013/07/01 19:08:48 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/07/01 19:08:32 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe -- (Intel(R)
SRV - [2015/02/23 10:50:03 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 13:15:49 | 002,713,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2014/09/21 10:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/03/18 09:48:55 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/03/18 06:20:12 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/02/25 21:17:38 | 000,319,104 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/09/05 14:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/22 12:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2015/03/01 09:42:07 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:[b]64bit:[/b] - [2014/08/26 02:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2014/08/26 02:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2014/08/06 19:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2014/06/25 16:34:22 | 000,237,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/06/25 16:34:22 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2014/06/25 16:34:22 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/06/25 16:34:04 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/05/06 03:46:37 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2014/03/18 09:49:29 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/03/18 09:49:08 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/03/18 09:49:07 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/03/18 09:49:04 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/03/18 09:49:04 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:54 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:54 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:54 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:54 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/03/18 09:48:53 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/03/18 09:33:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/03/18 09:33:03 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/03/07 16:26:44 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2014/03/07 16:18:24 | 003,729,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2014/03/01 20:32:31 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2014/03/01 20:32:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,598,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,355,528 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,118,984 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2014/02/25 20:53:02 | 000,035,016 | ---- | M] (Qualcomm Atheros) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2014/02/19 11:20:30 | 000,042,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynRMIHID.sys -- (SynRMIHID)
DRV:[b]64bit:[/b] - [2014/02/14 01:35:20 | 003,888,640 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:[b]64bit:[/b] - [2014/01/15 13:21:46 | 000,088,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:[b]64bit:[/b] - [2013/12/18 03:35:22 | 000,839,896 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/11/11 01:54:30 | 000,067,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaioi2ce.sys -- (iaioi2c)
DRV:[b]64bit:[/b] - [2013/11/11 01:54:30 | 000,031,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaiogpioe.sys -- (GPIO)
DRV:[b]64bit:[/b] - [2013/11/01 07:40:22 | 000,330,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2013/09/27 02:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2013/09/26 03:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2013/09/26 02:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys -- (ccSet_NIS)
DRV:[b]64bit:[/b] - [2013/09/10 02:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symelam.sys -- (SymELAM)
DRV:[b]64bit:[/b] - [2013/09/10 02:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 12:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 11:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/17 02:59:00 | 000,021,360 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMDriver.sys -- (LMDriver)
DRV:[b]64bit:[/b] - [2013/07/17 02:59:00 | 000,014,680 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioShim.sys -- (RadioShim)
DRV:[b]64bit:[/b] - [2013/07/01 16:50:06 | 008,536,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2013/03/01 01:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV - [2015/02/28 10:10:56 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150228.001\ex64.sys -- (NAVEX15)
DRV - [2015/02/28 10:10:56 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2015/02/28 10:10:56 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2015/02/28 10:10:56 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150228.001\eng64.sys -- (NAVENG)
DRV - [2015/02/27 17:44:24 | 000,669,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150227.003\IDSviA64.sys -- (IDSVia64)
DRV - [2015/02/24 02:21:18 | 001,622,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys -- (BHDrvx64)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {91902B8D-01EE-4214-86B6-F94D67F3CAA4}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{91902B8D-01EE-4214-86B6-F94D67F3CAA4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=APJB
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {91902B8D-01EE-4214-86B6-F94D67F3CAA4}
IE - HKLM\..\SearchScopes\{91902B8D-01EE-4214-86B6-F94D67F3CAA4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=APJB
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=APJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=APJB
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
IE - HKCU\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.countryCode: "IE"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.region: "IE"
FF - prefs.js..extensions.enabledAddons: CertPatrol%40PSYC.EU:2.0.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2015/03/01 08:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/03/01 07:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martha\AppData\Roaming\Mozilla\Extensions
[2015/03/01 21:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martha\AppData\Roaming\Mozilla\Firefox\Profiles\7oiibfvb.default\extensions
[2015/03/01 21:51:15 | 000,074,643 | ---- | M] () (No name found) -- C:\Users\martha\AppData\Roaming\Mozilla\Firefox\Profiles\7oiibfvb.default\extensions\[email protected]
[2015/03/01 07:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/01 07:16:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe ()
O4 - HKLM..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.94.190.194 213.94.190.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D75ED370-CCCE-422F-A33F-E2C8E685AC58}: DhcpNameServer = 213.94.190.194 213.94.190.236
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2015/03/01 17:40:38 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Wireshark
[2015/03/01 17:18:34 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Diagnostics
[2015/03/01 16:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2015/03/01 16:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2015/03/01 16:20:00 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\martha\Desktop\Tcpview.exe
[2015/03/01 15:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/03/01 15:18:19 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/03/01 15:18:19 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/03/01 15:18:19 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/03/01 15:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/03/01 15:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/03/01 15:18:02 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Programs
[2015/03/01 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\WildTangent
[2015/03/01 14:11:30 | 000,656,048 | ---- | C] (WildTangent, Inc.) -- C:\ProgramData\uninstall690176.exe
[2015/03/01 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\SecTaskMan
[2015/03/01 14:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2015/03/01 14:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2015/03/01 11:48:26 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Acer
[2015/03/01 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\martha\.zenmap
[2015/03/01 10:31:40 | 000,000,000 | ---D | C] -- C:\Users\martha\Desktop\SysAdminNotes
[2015/03/01 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\OpenOffice
[2015/03/01 10:19:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
[2015/03/01 10:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2015/03/01 10:17:14 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\WinRAR
[2015/03/01 10:16:06 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/01 10:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/01 10:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2015/03/01 10:15:14 | 000,000,000 | ---D | C] -- C:\Users\martha\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
[2015/03/01 09:02:43 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Acer Aspire R7 Tutorial
[2015/03/01 08:55:34 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\CrashDumps
[2015/03/01 08:51:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015/03/01 08:29:31 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\iGware
[2015/03/01 08:23:23 | 000,000,000 | ---D | C] -- C:\FRST
[2015/03/01 08:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2015/03/01 08:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2015/03/01 08:19:30 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\AOP SDK
[2015/03/01 08:17:49 | 000,000,000 | ---D | C] -- C:\Users\martha\Documents\clear.fi
[2015/03/01 08:15:45 | 000,000,000 | ---D | C] -- C:\Users\martha\Documents\nmap-6.47-win32
[2015/03/01 08:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/03/01 08:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/03/01 07:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2015/03/01 07:23:03 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Macromedia
[2015/03/01 07:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015/03/01 07:16:54 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Mozilla
[2015/03/01 07:16:54 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Mozilla
[2015/03/01 07:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/03/01 07:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/03/01 07:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/03/01 06:14:50 | 000,000,000 | -HSD | C] -- C:\Users\martha\AppData\Local\EmieUserList
[2015/03/01 06:14:50 | 000,000,000 | -HSD | C] -- C:\Users\martha\AppData\Local\EmieSiteList
[2015/03/01 04:56:24 | 000,000,000 | ---D | C] -- C:\Users\martha\PicStream
[2015/03/01 04:56:24 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\clear.fi
[2015/03/01 04:55:44 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Atheros
[2015/03/01 04:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2015/03/01 04:55:11 | 000,000,000 | R--D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015/03/01 04:55:11 | 000,000,000 | R--D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015/03/01 04:55:10 | 000,000,000 | R--D | C] -- C:\Users\martha\Searches
[2015/03/01 04:55:10 | 000,000,000 | R--D | C] -- C:\Users\martha\Contacts
[2015/03/01 04:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_YAHOO
[2015/03/01 04:55:00 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Adobe
[2015/03/01 04:54:53 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\VirtualStore
[2015/03/01 04:54:31 | 000,000,000 | -HSD | C] -- C:\Users\martha\IntelGraphicsProfiles
[2015/03/01 04:54:14 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Packages
[2015/03/01 04:53:26 | 000,000,000 | --SD | C] -- C:\Users\martha\AppData\Roaming\Microsoft
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Videos
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Saved Games
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Pictures
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Music
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Links
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Favorites
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Downloads
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Documents
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\Desktop
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015/03/01 04:53:26 | 000,000,000 | R--D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2015/03/01 04:53:26 | 000,000,000 | -H-D | C] -- C:\Users\martha\AppData
[2015/03/01 04:53:26 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Temp
[2015/03/01 04:53:26 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Pokki
[2015/03/01 04:53:26 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Local\Microsoft
[2015/03/01 04:53:26 | 000,000,000 | ---D | C] -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2015/03/01 04:53:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2015/03/01 03:07:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2021/10/21 13:36:56 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\RTKHDRC.DAT
[2021/10/04 07:34:42 | 000,000,712 | ---- | M] () -- C:\Windows\SysNative\drivers\RTMICEQ0.DAT
[2015/03/01 19:06:53 | 005,229,292 | ---- | M] () -- C:\Users\martha\Documents\list2.pcapng
[2015/03/01 18:37:06 | 032,228,204 | ---- | M] () -- C:\Users\martha\Documents\filw`.pcapng
[2015/03/01 14:08:24 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Security Task Manager.lnk
[2015/03/01 13:14:17 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/03/01 13:14:17 | 000,735,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/03/01 13:14:17 | 000,139,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/03/01 13:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/03/01 10:19:42 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
[2015/03/01 09:42:07 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/03/01 08:55:17 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\abPhoto.lnk
[2015/03/01 08:51:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/03/01 08:51:24 | 577,166,515 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/03/01 08:51:24 | 3337,994,240 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/01 08:24:44 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Acer Portal.lnk
[2015/03/01 08:23:06 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\abMedia.lnk
[2015/03/01 08:21:14 | 000,000,000 | ---- | M] () -- C:\upgradeOOBE.tag
[2015/03/01 08:20:03 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\abDocs.lnk
[2015/03/01 08:08:49 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/03/01 07:16:43 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/03/01 06:14:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2015/03/01 04:54:27 | 000,000,180 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2015/03/01 04:53:39 | 002,279,423 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2015/03/01 03:07:57 | 000,344,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/16 11:29:10 | 000,077,505 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\VT20150216.002
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2015/03/01 19:06:52 | 005,229,292 | ---- | C] () -- C:\Users\martha\Documents\list2.pcapng
[2015/03/01 18:37:03 | 032,228,204 | ---- | C] () -- C:\Users\martha\Documents\filw`.pcapng
[2015/03/01 16:48:09 | 000,001,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2015/03/01 14:08:25 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
[2015/03/01 14:08:24 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
[2015/03/01 14:08:24 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Security Task Manager.lnk
[2015/03/01 10:19:42 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
[2015/03/01 08:54:43 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\abPhoto.lnk
[2015/03/01 08:51:24 | 577,166,515 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/03/01 08:24:34 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Acer Portal.lnk
[2015/03/01 08:22:43 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\abMedia.lnk
[2015/03/01 08:21:14 | 000,000,000 | ---- | C] () -- C:\upgradeOOBE.tag
[2015/03/01 08:20:02 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\abDocs.lnk
[2015/03/01 08:08:49 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/03/01 07:20:15 | 000,037,624 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/03/01 07:16:42 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/03/01 07:16:39 | 000,001,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/03/01 06:14:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2015/03/01 04:58:07 | 000,002,132 | ---- | C] () -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[2015/03/01 04:58:02 | 000,002,303 | ---- | C] () -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[2015/03/01 04:55:47 | 000,001,284 | ---- | C] () -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
[2015/03/01 04:54:57 | 000,001,454 | ---- | C] () -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2015/03/01 04:54:26 | 000,000,180 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2015/03/01 04:53:26 | 000,000,369 | ---- | C] () -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2015/03/01 04:53:26 | 000,000,369 | ---- | C] () -- C:\Users\martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2015/03/01 03:07:44 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2015/03/01 03:07:43 | 3337,994,240 | -HS- | C] () -- C:\hiberfil.sys
[2014/06/25 07:59:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/05/06 04:12:03 | 000,068,608 | ---- | C] () -- C:\Windows\SysWow64\igfxexps32.dll
[2014/05/06 04:12:00 | 000,342,944 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/05/06 04:11:59 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/06 04:11:59 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/18 09:49:15 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/03/18 09:48:55 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/07/01 18:44:46 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/18 09:49:11 | 021,230,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/18 09:49:19 | 018,682,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Attached Thumbnails

  • ccd.PNG

Edited by Patrick_M, 01 March 2015 - 04:36 PM.

  • 0

Advertisements


#2
Patrick_M

Patrick_M

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

There is something after hapeing my laptop, all traffic showing n wirehsark and TCPVIEW i have no idea how I'm visiting all these sites? As my laptop I am not.. but traffic shows as coming from mine that i can see??

 

It's happening now, any one able to help? or show me what i could do to get more information?


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, dns

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP