
Trojan.agent svchost.exe



So, while I was checking my normal websites last night, my computer suddenly reset on its own. When it came back on and I tried to go online, it crashed completely and gave me the blue screen. I reopened in safe mode and ran Malwarebytes to delete whatever I might have caught. It found something, rebooted, and I thought it was over. Turns out, though, the trojan I caught will not go away. I tried and I tried to get rid of it with several other anti-spyware programs but none of them work. This trojan is really annoying and I need some help. Here are my logs.

Attach.txt

DDS.txt


Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Well, a friend of mine was able to get rid of the trojan, but now I have another problem. Each time I use the internet, my connection just slows down completely. My Avast keeps blocking an infection called url:Mal. Should I do another scan and upload the result?


Okay, found a way to run it somehow. Here's what came up.

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>

RKreport[1].txt


I don't see anything; all I can do is have you run some scans. I have no idea what the other guy did to the computer.

If you want.....

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC

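For readers who want to triage a pasted TDSSKiller log rather than eyeball hundreds of "- ok" lines, here is an added example script; it is not part of this thread and not Kaspersky's own code. It assumes only the line layout visible in the pasted log below: a timestamp, a process id, then either a header field ("Key: value"), an object line ("name (md5) path"), or a status line ("name - ok"). Object and status lines are only considered after the "Scan started" marker, so header lines such as the drive geometry are not mistaken for scan results. The sample log and the "warning" line in it are constructed for the example; the exact wording TDSSKiller uses for a flagged object is an assumption, which is why the parser keeps whatever verdict text sits in the parentheses instead of matching a fixed string.

```python
"""Summarise a TDSSKiller-style scan log (added example, not the tool's own code)."""
import re
from typing import Dict, List, Optional

# "HH:MM:SS.ffff PID <payload>" as seen in the pasted log
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s*(?P<payload>.*)$")
# "name (md5) path": the object that was examined
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "name - ok" or, by assumption, "name ( Verdict ) - status" for flagged objects
STATUS_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\S.*)$")
HEADER_KEYS = ("OS Version", "Boot type", "Processor architecture", "Mode")

# Constructed sample modelled on the thread's log; "exampledrv" and its
# warning line are made up to show how a non-ok status surfaces.
SAMPLE_LOG = r"""
15:17:44.0439 0984 OS Version: 6.1.7600 ServicePack: 0.0
15:17:44.0439 0984 Boot type: Safe boot with network
15:17:44.0439 0984 ============================================================
15:18:22.0608 0964 Scan started
15:18:22.0608 0964 Mode: Manual; SigCheck; TDLFS;
15:18:25.0259 0964 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
15:18:25.0390 0964 1394ohci - ok
15:18:28.0778 0964 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
15:18:28.0786 0964 aswFsBlk - ok
15:18:39.0127 0964 COMSysApp - ok
15:18:40.0000 0964 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
15:18:40.0010 0964 exampledrv ( UnsignedFile.Multi.Generic ) - warning
"""


def parse_tdsskiller_log(text: str) -> Dict[str, object]:
    """Return header fields, counts, and every object whose status is not a plain 'ok'."""
    header: Dict[str, str] = {}
    objects: Dict[str, Dict[str, str]] = {}
    attention: List[Dict[str, Optional[str]]] = []
    ok_count = 0
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        payload = m.group("payload").strip()
        if not payload or payload.startswith("="):
            continue  # blank or separator line
        key = next((k for k in HEADER_KEYS if payload.startswith(k + ":")), None)
        if key is not None:
            header[key] = payload[len(key) + 1:].strip()
            continue
        if payload == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue  # system/drive information before the scan: not a result
        om = OBJECT_RE.match(payload)
        if om:
            objects[om.group("name")] = {"md5": om.group("md5").lower(), "path": om.group("path")}
            continue
        sm = STATUS_RE.match(payload)
        if sm:
            name, verdict, status = sm.group("name"), sm.group("verdict"), sm.group("status")
            if status == "ok" and verdict is None:
                ok_count += 1
            else:
                info = objects.get(name, {})  # some status lines have no object line
                attention.append({"name": name, "verdict": verdict, "status": status,
                                  "md5": info.get("md5"), "path": info.get("path")})
    return {"header": header, "objects": len(objects), "ok": ok_count, "attention": attention}


if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print(summary["header"])
    print(f"{summary['objects']} objects, {summary['ok']} ok")
    for entry in summary["attention"]:
        print(f"NEEDS ATTENTION: {entry['name']} verdict={entry['verdict']} "
              f"status={entry['status']} path={entry['path']}")
```

Run it with the pasted log saved to a file and passed to parse_tdsskiller_log instead of SAMPLE_LOG; the "Mode" header tells you whether SigCheck and TDLFS were actually enabled, which is the point of the Change parameters step above, and the attention list is the short answer to "did the scan flag anything".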

15:17:43.0691 0984 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48

15:17:44.0439 0984 ============================================================

15:17:44.0439 0984 Current date / time: 2012/04/02 15:17:44.0439

15:17:44.0439 0984 SystemInfo:

15:17:44.0439 0984

15:17:44.0439 0984 OS Version: 6.1.7600 ServicePack: 0.0

15:17:44.0439 0984 Product type: Workstation

15:17:44.0439 0984 ComputerName: HERNANDEZ-VAIO

15:17:44.0439 0984 UserName: Hernandez

15:17:44.0439 0984 Windows directory: C:\Windows

15:17:44.0439 0984 System windows directory: C:\Windows

15:17:44.0439 0984 Running under WOW64

15:17:44.0439 0984 Processor architecture: Intel x64

15:17:44.0439 0984 Number of processors: 8

15:17:44.0439 0984 Page size: 0x1000

15:17:44.0439 0984 Boot type: Safe boot with network

15:17:44.0439 0984 ============================================================

15:17:45.0150 0984 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:17:45.0155 0984 \Device\Harddisk0\DR0:

15:17:45.0155 0984 MBR used

15:17:45.0155 0984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x141D000, BlocksNum 0x32000

15:17:45.0155 0984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x144F000, BlocksNum 0x49408AB0

15:17:45.0195 0984 Initialize success

15:17:45.0195 0984 ============================================================

15:18:22.0608 0964 ============================================================

15:18:22.0608 0964 Scan started

15:18:22.0608 0964 Mode: Manual; SigCheck; TDLFS;

15:18:22.0608 0964 ============================================================

15:18:25.0259 0964 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys

15:18:25.0390 0964 1394ohci - ok

15:18:25.0481 0964 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

15:18:25.0500 0964 ACDaemon - ok

15:18:25.0669 0964 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys

15:18:25.0685 0964 ACPI - ok

15:18:25.0800 0964 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys

15:18:25.0875 0964 AcpiPmi - ok

15:18:25.0983 0964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

15:18:26.0006 0964 adp94xx - ok

15:18:26.0113 0964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

15:18:26.0128 0964 adpahci - ok

15:18:26.0227 0964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

15:18:26.0240 0964 adpu320 - ok

15:18:26.0353 0964 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:18:26.0514 0964 AeLookupSvc - ok

15:18:26.0618 0964 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

15:18:26.0688 0964 AFD - ok

15:18:26.0785 0964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:18:26.0795 0964 agp440 - ok

15:18:26.0871 0964 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:18:26.0919 0964 ALG - ok

15:18:27.0030 0964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:18:27.0042 0964 aliide - ok

15:18:27.0130 0964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:18:27.0140 0964 amdide - ok

15:18:27.0243 0964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

15:18:27.0279 0964 AmdK8 - ok

15:18:27.0378 0964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

15:18:27.0412 0964 AmdPPM - ok

15:18:27.0514 0964 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

15:18:27.0525 0964 amdsata - ok

15:18:27.0642 0964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

15:18:27.0655 0964 amdsbs - ok

15:18:27.0763 0964 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

15:18:27.0772 0964 amdxata - ok

15:18:27.0882 0964 ApfiltrService (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\DRIVERS\Apfiltr.sys

15:18:27.0892 0964 ApfiltrService - ok

15:18:27.0988 0964 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

15:18:28.0027 0964 AppID - ok

15:18:28.0105 0964 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:18:28.0172 0964 AppIDSvc - ok

15:18:28.0252 0964 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

15:18:28.0291 0964 Appinfo - ok

15:18:28.0401 0964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

15:18:28.0412 0964 arc - ok

15:18:28.0516 0964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

15:18:28.0527 0964 arcsas - ok

15:18:28.0642 0964 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

15:18:28.0649 0964 ArcSoftKsUFilter - ok

15:18:28.0778 0964 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

15:18:28.0786 0964 aswFsBlk - ok

15:18:28.0946 0964 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

15:18:28.0953 0964 aswMonFlt - ok

15:18:29.0074 0964 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

15:18:29.0081 0964 aswRdr - ok

15:18:29.0241 0964 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

15:18:29.0262 0964 aswSnx - ok

15:18:29.0376 0964 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

15:18:29.0388 0964 aswSP - ok

15:18:29.0475 0964 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

15:18:29.0482 0964 aswTdi - ok

15:18:29.0572 0964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:18:29.0622 0964 AsyncMac - ok

15:18:29.0728 0964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:18:29.0737 0964 atapi - ok

15:18:29.0857 0964 athr (08baaa2432e81031a6c3b11ad5a67e2b) C:\Windows\system32\DRIVERS\athrx.sys

15:18:29.0950 0964 athr - ok

15:18:30.0047 0964 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

15:18:30.0123 0964 AudioEndpointBuilder - ok

15:18:30.0180 0964 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

15:18:30.0223 0964 AudioSrv - ok

15:18:30.0356 0964 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

15:18:30.0363 0964 avast! Antivirus - ok

15:18:30.0431 0964 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

15:18:30.0489 0964 AxInstSV - ok

15:18:30.0599 0964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

15:18:30.0635 0964 b06bdrv - ok

15:18:30.0772 0964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:18:30.0834 0964 b57nd60a - ok

15:18:30.0938 0964 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:18:30.0971 0964 BDESVC - ok

15:18:31.0084 0964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:18:31.0160 0964 Beep - ok

15:18:31.0258 0964 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

15:18:31.0306 0964 BFE - ok

15:18:31.0489 0964 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys

15:18:31.0517 0964 BHDrvx64 - ok

15:18:31.0653 0964 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

15:18:31.0744 0964 BITS - ok

15:18:31.0840 0964 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

15:18:31.0867 0964 blbdrive - ok

15:18:31.0963 0964 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

15:18:32.0020 0964 bowser - ok

15:18:32.0131 0964 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

15:18:32.0181 0964 BrFiltLo - ok

15:18:32.0298 0964 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

15:18:32.0312 0964 BrFiltUp - ok

15:18:32.0398 0964 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

15:18:32.0449 0964 Browser - ok

15:18:32.0565 0964 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:18:32.0597 0964 Brserid - ok

15:18:32.0698 0964 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:18:32.0723 0964 BrSerWdm - ok

15:18:32.0842 0964 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:18:32.0881 0964 BrUsbMdm - ok

15:18:32.0987 0964 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:18:33.0015 0964 BrUsbSer - ok

15:18:33.0134 0964 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

15:18:33.0153 0964 BthEnum - ok

15:18:33.0268 0964 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

15:18:33.0298 0964 BTHMODEM - ok

15:18:33.0404 0964 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

15:18:33.0428 0964 BthPan - ok

15:18:33.0552 0964 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys

15:18:33.0611 0964 BTHPORT - ok

15:18:33.0698 0964 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:18:33.0753 0964 bthserv - ok

15:18:33.0860 0964 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys

15:18:33.0889 0964 BTHUSB - ok

15:18:33.0987 0964 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys

15:18:33.0999 0964 btwampfl - ok

15:18:34.0083 0964 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys

15:18:34.0093 0964 btwaudio - ok

15:18:34.0198 0964 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys

15:18:34.0206 0964 btwavdt - ok

15:18:34.0280 0964 btwdins (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

15:18:34.0303 0964 btwdins - ok

15:18:34.0401 0964 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

15:18:34.0407 0964 btwl2cap - ok

15:18:34.0495 0964 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys

15:18:34.0501 0964 btwrchid - ok

15:18:34.0622 0964 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:18:34.0703 0964 cdfs - ok

15:18:34.0949 0964 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

15:18:34.0987 0964 cdrom - ok

15:18:35.0072 0964 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

15:18:35.0141 0964 CertPropSvc - ok

15:18:35.0227 0964 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

15:18:35.0268 0964 circlass - ok

15:18:35.0353 0964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:18:35.0369 0964 CLFS - ok

15:18:35.0490 0964 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:18:35.0500 0964 clr_optimization_v2.0.50727_32 - ok

15:18:35.0603 0964 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:18:35.0616 0964 clr_optimization_v2.0.50727_64 - ok

15:18:36.0074 0964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:18:36.0086 0964 clr_optimization_v4.0.30319_32 - ok

15:18:37.0615 0964 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:18:37.0645 0964 clr_optimization_v4.0.30319_64 - ok

15:18:37.0741 0964 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

15:18:37.0757 0964 CmBatt - ok

15:18:37.0863 0964 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:18:37.0872 0964 cmdide - ok

15:18:37.0974 0964 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

15:18:38.0003 0964 CNG - ok

15:18:38.0797 0964 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

15:18:38.0808 0964 Compbatt - ok

15:18:39.0043 0964 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys

15:18:39.0073 0964 CompositeBus - ok

15:18:39.0127 0964 COMSysApp - ok

15:18:39.0166 0964 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

15:18:39.0176 0964 crcdisk - ok

15:18:39.0247 0964 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

15:18:39.0295 0964 CryptSvc - ok

15:18:39.0375 0964 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

15:18:39.0435 0964 DcomLaunch - ok

15:18:39.0518 0964 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:18:39.0582 0964 defragsvc - ok

15:18:39.0681 0964 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

15:18:39.0735 0964 DfsC - ok

15:18:39.0829 0964 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

15:18:39.0909 0964 Dhcp - ok

15:18:40.0003 0964 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:18:40.0065 0964 discache - ok

15:18:40.0161 0964 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

15:18:40.0175 0964 Disk - ok

15:18:40.0249 0964 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

15:18:40.0262 0964 Dnscache - ok

15:18:40.0351 0964 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

15:18:40.0412 0964 dot3svc - ok

15:18:40.0500 0964 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

15:18:40.0559 0964 DPS - ok

15:18:40.0653 0964 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:18:40.0680 0964 drmkaud - ok

15:18:40.0808 0964 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

15:18:40.0838 0964 DXGKrnl - ok

15:18:40.0918 0964 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:18:40.0971 0964 EapHost - ok

15:18:41.0121 0964 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

15:18:41.0207 0964 ebdrv - ok

15:18:41.0303 0964 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

15:18:41.0317 0964 eeCtrl - ok

15:18:41.0429 0964 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

15:18:41.0481 0964 EFS - ok

15:18:41.0560 0964 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

15:18:41.0605 0964 ehRecvr - ok

15:18:41.0679 0964 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:18:41.0695 0964 ehSched - ok

15:18:41.0781 0964 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

15:18:41.0804 0964 elxstor - ok

15:18:41.0900 0964 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

15:18:41.0908 0964 EraserUtilRebootDrv - ok

15:18:42.0111 0964 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:18:42.0246 0964 ErrDev - ok

15:18:42.0351 0964 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:18:42.0405 0964 EventSystem - ok

15:18:42.0496 0964 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:18:42.0548 0964 exfat - ok

15:18:42.0667 0964 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:18:42.0718 0964 fastfat - ok

15:18:42.0846 0964 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

15:18:42.0890 0964 Fax - ok

15:18:43.0033 0964 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

15:18:43.0121 0964 fdc - ok

15:18:43.0224 0964 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:18:43.0273 0964 fdPHost - ok

15:18:43.0419 0964 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:18:43.0476 0964 FDResPub - ok

15:18:43.0613 0964 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:18:43.0627 0964 FileInfo - ok

15:18:43.0736 0964 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:18:43.0805 0964 Filetrace - ok

15:18:43.0936 0964 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

15:18:43.0975 0964 flpydisk - ok

15:18:44.0079 0964 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

15:18:44.0094 0964 FltMgr - ok

15:18:44.0207 0964 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll

15:18:44.0263 0964 FontCache - ok

15:18:44.0362 0964 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:18:44.0372 0964 FontCache3.0.0.0 - ok

15:18:44.0512 0964 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:18:44.0522 0964 FsDepends - ok

15:18:45.0079 0964 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

15:18:45.0091 0964 Fs_Rec - ok

15:18:45.0212 0964 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:18:45.0228 0964 fvevol - ok

15:18:45.0334 0964 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

15:18:45.0344 0964 gagp30kx - ok

15:18:45.0443 0964 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

15:18:45.0486 0964 gpsvc - ok

15:18:45.0586 0964 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:18:45.0595 0964 gupdate - ok

15:18:45.0670 0964 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:18:45.0678 0964 gusvc - ok

15:18:45.0791 0964 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:18:45.0824 0964 hcw85cir - ok

15:18:45.0937 0964 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

15:18:45.0977 0964 HdAudAddService - ok

15:18:46.0105 0964 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys

15:18:46.0127 0964 HDAudBus - ok

15:18:46.0236 0964 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

15:18:46.0247 0964 HidBatt - ok

15:18:46.0360 0964 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

15:18:46.0405 0964 HidBth - ok

15:18:46.0529 0964 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

15:18:46.0569 0964 HidIr - ok

15:18:46.0670 0964 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

15:18:46.0716 0964 hidserv - ok

15:18:46.0855 0964 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

15:18:46.0892 0964 HidUsb - ok

15:18:46.0990 0964 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

15:18:47.0055 0964 hkmsvc - ok

15:18:47.0164 0964 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

15:18:47.0183 0964 HomeGroupListener - ok

15:18:47.0272 0964 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

15:18:47.0304 0964 HomeGroupProvider - ok

15:18:47.0423 0964 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys

15:18:47.0434 0964 HpSAMD - ok

15:18:47.0557 0964 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

15:18:47.0645 0964 HTTP - ok

15:18:47.0764 0964 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

15:18:47.0773 0964 hwpolicy - ok

15:18:47.0957 0964 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

15:18:47.0970 0964 i8042prt - ok

15:18:48.0238 0964 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys

15:18:48.0253 0964 iaStor - ok

15:18:48.0327 0964 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

15:18:48.0333 0964 IAStorDataMgrSvc - ok

15:18:48.0479 0964 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

15:18:48.0497 0964 iaStorV - ok

15:18:48.0828 0964 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:18:48.0852 0964 idsvc - ok

15:18:49.0186 0964 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120330.002\IDSvia64.sys

15:18:49.0203 0964 IDSVia64 - ok

15:18:49.0423 0964 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

15:18:49.0434 0964 iirsp - ok

15:18:49.0564 0964 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

15:18:49.0645 0964 IKEEXT - ok

15:18:50.0002 0964 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\drivers\Impcd.sys

15:18:50.0038 0964 Impcd - ok

15:18:50.0193 0964 IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys

15:18:50.0251 0964 IntcAzAudAddService - ok

15:18:50.0345 0964 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:18:50.0355 0964 intelide - ok

15:18:50.0560 0964 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

15:18:50.0578 0964 intelppm - ok

15:18:50.0675 0964 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:18:50.0735 0964 IPBusEnum - ok

15:18:50.0849 0964 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:18:50.0914 0964 IpFilterDriver - ok

15:18:51.0027 0964 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

15:18:51.0103 0964 iphlpsvc - ok

15:18:51.0218 0964 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys

15:18:51.0242 0964 IPMIDRV - ok

15:18:51.0330 0964 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:18:51.0386 0964 IPNAT - ok

15:18:51.0476 0964 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:18:51.0492 0964 IRENUM - ok

15:18:51.0587 0964 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:18:51.0601 0964 isapnp - ok

15:18:51.0689 0964 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys

15:18:51.0703 0964 iScsiPrt - ok

15:18:51.0759 0964 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

15:18:51.0771 0964 IviRegMgr - ok

15:18:51.0855 0964 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:18:51.0865 0964 kbdclass - ok

15:18:51.0956 0964 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys

15:18:51.0990 0964 kbdhid - ok

15:18:52.0074 0964 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:18:52.0087 0964 KeyIso - ok

15:18:52.0173 0964 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

15:18:52.0184 0964 KSecDD - ok

15:18:52.0282 0964 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

15:18:52.0296 0964 KSecPkg - ok

15:18:52.0390 0964 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:18:52.0436 0964 ksthunk - ok

15:18:52.0535 0964 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:18:52.0602 0964 KtmRm - ok

15:18:52.0728 0964 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

15:18:52.0773 0964 LanmanServer - ok

15:18:52.0896 0964 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

15:18:52.0966 0964 LanmanWorkstation - ok

15:18:53.0069 0964 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:18:53.0107 0964 lltdio - ok

15:18:53.0212 0964 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:18:53.0254 0964 lltdsvc - ok

15:18:53.0333 0964 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:18:53.0371 0964 lmhosts - ok

15:18:53.0482 0964 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

15:18:53.0494 0964 LSI_FC - ok

15:18:53.0586 0964 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

15:18:53.0597 0964 LSI_SAS - ok

15:18:53.0687 0964 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

15:18:53.0697 0964 LSI_SAS2 - ok

15:18:53.0790 0964 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

15:18:53.0801 0964 LSI_SCSI - ok

15:18:53.0892 0964 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:18:53.0938 0964 luafv - ok

15:18:54.0015 0964 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

15:18:54.0027 0964 Mcx2Svc - ok

15:18:54.0126 0964 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

15:18:54.0136 0964 megasas - ok

15:18:54.0235 0964 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

15:18:54.0250 0964 MegaSR - ok

15:18:54.0333 0964 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:18:54.0391 0964 MMCSS - ok

15:18:54.0490 0964 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:18:54.0548 0964 Modem - ok

15:18:54.0668 0964 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:18:54.0691 0964 monitor - ok

15:18:54.0814 0964 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

15:18:54.0824 0964 mouclass - ok

15:18:54.0970 0964 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:18:54.0997 0964 mouhid - ok

15:18:55.0117 0964 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

15:18:55.0127 0964 mountmgr - ok

15:18:55.0244 0964 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys

15:18:55.0256 0964 mpio - ok

15:18:55.0367 0964 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:18:55.0417 0964 mpsdrv - ok

15:18:55.0532 0964 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

15:18:55.0598 0964 MpsSvc - ok

15:18:55.0714 0964 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

15:18:55.0747 0964 MRxDAV - ok

15:18:55.0861 0964 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:18:55.0900 0964 mrxsmb - ok

15:18:56.0045 0964 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:18:56.0060 0964 mrxsmb10 - ok

15:18:56.0179 0964 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:18:56.0209 0964 mrxsmb20 - ok

15:18:56.0335 0964 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys

15:18:56.0345 0964 msahci - ok

15:18:56.0472 0964 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys

15:18:56.0488 0964 msdsm - ok

15:18:56.0586 0964 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:18:56.0619 0964 MSDTC - ok

15:18:56.0772 0964 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:18:56.0808 0964 Msfs - ok

15:18:56.0927 0964 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:18:56.0987 0964 mshidkmdf - ok

15:18:57.0109 0964 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:18:57.0122 0964 msisadrv - ok

15:18:57.0218 0964 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:18:57.0272 0964 MSiSCSI - ok

15:18:57.0496 0964 msiserver - ok

15:18:57.0566 0964 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:18:57.0626 0964 MSKSSRV - ok

15:18:57.0722 0964 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:18:57.0783 0964 MSPCLOCK - ok

15:18:58.0111 0964 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:18:58.0179 0964 MSPQM - ok

15:18:58.0300 0964 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

15:18:58.0317 0964 MsRPC - ok

15:18:58.0920 0964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:18:58.0931 0964 mssmbios - ok

15:18:59.0043 0964 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:18:59.0085 0964 MSTEE - ok

15:18:59.0199 0964 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

15:18:59.0243 0964 MTConfig - ok

15:18:59.0367 0964 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:18:59.0377 0964 Mup - ok

15:18:59.0470 0964 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

15:18:59.0516 0964 napagent - ok

15:18:59.0641 0964 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:18:59.0687 0964 NativeWifiP - ok

15:18:59.0831 0964 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120402.002\ENG64.SYS

15:18:59.0839 0964 NAVENG - ok

15:19:00.0012 0964 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120402.002\EX64.SYS

15:19:00.0058 0964 NAVEX15 - ok

15:19:00.0194 0964 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

15:19:00.0221 0964 NDIS - ok

15:19:00.0345 0964 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:19:00.0390 0964 NdisCap - ok

15:19:00.0545 0964 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:19:00.0582 0964 NdisTapi - ok

15:19:00.0690 0964 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

15:19:00.0750 0964 Ndisuio - ok

15:19:00.0872 0964 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

15:19:00.0911 0964 NdisWan - ok

15:19:01.0153 0964 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

15:19:01.0204 0964 NDProxy - ok

15:19:01.0321 0964 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:19:01.0387 0964 NetBIOS - ok

15:19:01.0505 0964 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

15:19:01.0571 0964 NetBT - ok

15:19:01.0664 0964 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:19:01.0676 0964 Netlogon - ok

15:19:01.0806 0964 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:19:01.0884 0964 Netman - ok

15:19:01.0998 0964 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:19:02.0050 0964 netprofm - ok

15:19:02.0183 0964 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:19:02.0192 0964 NetTcpPortSharing - ok

15:19:02.0358 0964 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

15:19:02.0368 0964 nfrd960 - ok

15:19:02.0463 0964 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

15:19:02.0472 0964 NIS - ok

15:19:02.0627 0964 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

15:19:02.0686 0964 NlaSvc - ok

15:19:02.0804 0964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:19:02.0850 0964 Npfs - ok

15:19:03.0083 0964 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:19:03.0149 0964 nsi - ok

15:19:03.0448 0964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:19:03.0498 0964 nsiproxy - ok

15:19:03.0692 0964 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

15:19:03.0733 0964 Ntfs - ok

15:19:03.0864 0964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:19:03.0914 0964 Null - ok

15:19:04.0010 0964 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys

15:19:04.0017 0964 nusb3hub - ok

15:19:04.0117 0964 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\drivers\nusb3xhc.sys

15:19:04.0125 0964 nusb3xhc - ok

15:19:04.0220 0964 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\Windows\system32\drivers\nvhda64v.sys

15:19:04.0228 0964 NVHDA - ok

15:19:04.0969 0964 nvlddmkm (b4402e1d61a3015fc29bef94bb1c81fd) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:19:05.0361 0964 nvlddmkm - ok

15:19:05.0703 0964 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

15:19:05.0717 0964 nvraid - ok

15:19:05.0831 0964 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

15:19:05.0843 0964 nvstor - ok

15:19:06.0099 0964 nvsvc (3446574a40b1f355b9ce636fc49da5f1) C:\Windows\system32\nvvsvc.exe

15:19:06.0108 0964 nvsvc - ok

15:19:06.0215 0964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:19:06.0226 0964 nv_agp - ok

15:19:06.0322 0964 Oasis2Service (07571684567859da796a566cc78ffa74) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

15:19:06.0347 0964 Oasis2Service ( UnsignedFile.Multi.Generic ) - warning

15:19:06.0347 0964 Oasis2Service - detected UnsignedFile.Multi.Generic (1)

15:19:06.0699 0964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:19:06.0717 0964 ohci1394 - ok

15:19:07.0003 0964 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:19:07.0027 0964 p2pimsvc - ok

15:19:07.0108 0964 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:19:07.0126 0964 p2psvc - ok

15:19:07.0226 0964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

15:19:07.0238 0964 Parport - ok

15:19:07.0338 0964 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

15:19:07.0349 0964 partmgr - ok

15:19:07.0395 0964 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe

15:19:07.0407 0964 Partner Service - ok

15:19:07.0489 0964 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:19:07.0519 0964 PcaSvc - ok

15:19:07.0620 0964 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys

15:19:07.0634 0964 pci - ok

15:19:07.0809 0964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:19:07.0818 0964 pciide - ok

15:19:08.0028 0964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

15:19:08.0043 0964 pcmcia - ok

15:19:08.0139 0964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:19:08.0149 0964 pcw - ok

15:19:08.0283 0964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:19:08.0339 0964 PEAUTH - ok

15:19:08.0413 0964 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:19:08.0440 0964 PerfHost - ok

15:19:08.0551 0964 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

15:19:08.0627 0964 pla - ok

15:19:08.0894 0964 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

15:19:08.0912 0964 PlugPlay - ok

15:19:09.0624 0964 PMBDeviceInfoProvider (80e85394d8cd7f84340b1c6f4b9d698f) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

15:19:09.0647 0964 PMBDeviceInfoProvider - ok

15:19:09.0751 0964 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:19:09.0764 0964 PNRPAutoReg - ok

15:19:10.0359 0964 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:19:10.0374 0964 PNRPsvc - ok

15:19:10.0472 0964 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

15:19:10.0571 0964 PolicyAgent - ok

15:19:10.0667 0964 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:19:10.0707 0964 Power - ok

15:19:10.0812 0964 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

15:19:10.0860 0964 PptpMiniport - ok

15:19:10.0987 0964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

15:19:11.0017 0964 Processor - ok

15:19:11.0133 0964 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

15:19:11.0213 0964 ProfSvc - ok

15:19:11.0531 0964 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:19:11.0543 0964 ProtectedStorage - ok

15:19:11.0669 0964 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

15:19:11.0707 0964 Psched - ok

15:19:11.0797 0964 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

15:19:11.0807 0964 PSI_SVC_2 - ok

15:19:12.0008 0964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

15:19:12.0047 0964 ql2300 - ok

15:19:12.0858 0964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

15:19:12.0874 0964 ql40xx - ok

15:19:12.0982 0964 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:19:13.0028 0964 QWAVE - ok

15:19:13.0136 0964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:19:13.0168 0964 QWAVEdrv - ok

15:19:13.0281 0964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:19:13.0324 0964 RasAcd - ok

15:19:13.0443 0964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:19:13.0485 0964 RasAgileVpn - ok

15:19:13.0610 0964 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:19:13.0662 0964 RasAuto - ok

15:19:13.0784 0964 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:19:13.0859 0964 Rasl2tp - ok

15:19:14.0045 0964 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

15:19:14.0124 0964 RasMan - ok

15:19:14.0221 0964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:19:14.0275 0964 RasPppoe - ok

15:19:14.0391 0964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:19:14.0444 0964 RasSstp - ok

15:19:14.0632 0964 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

15:19:14.0696 0964 rdbss - ok

15:19:14.0910 0964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

15:19:14.0934 0964 rdpbus - ok

15:19:15.0054 0964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:19:15.0104 0964 RDPCDD - ok

15:19:15.0210 0964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:19:15.0268 0964 RDPENCDD - ok

15:19:15.0377 0964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:19:15.0420 0964 RDPREFMP - ok

15:19:15.0537 0964 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

15:19:15.0567 0964 RDPWD - ok

15:19:15.0686 0964 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys

15:19:15.0702 0964 rdyboost - ok

15:19:15.0796 0964 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

15:19:15.0802 0964 regi - ok

15:19:15.0897 0964 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:19:15.0954 0964 RemoteAccess - ok

15:19:16.0027 0964 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:19:16.0071 0964 RemoteRegistry - ok

15:19:16.0185 0964 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

15:19:16.0221 0964 RFCOMM - ok

15:19:16.0328 0964 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys

15:19:16.0376 0964 rimspci - ok

15:19:16.0764 0964 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys

15:19:16.0814 0964 risdsnpe - ok

15:19:16.0890 0964 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:19:16.0954 0964 RpcEptMapper - ok

15:19:17.0040 0964 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:19:17.0074 0964 RpcLocator - ok

15:19:17.0156 0964 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

15:19:17.0205 0964 RpcSs - ok

15:19:17.0302 0964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:19:17.0351 0964 rspndr - ok

15:19:17.0432 0964 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:19:17.0443 0964 SamSs - ok

15:19:17.0537 0964 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys

15:19:17.0550 0964 sbp2port - ok

15:19:17.0647 0964 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

15:19:17.0679 0964 SBSDWSCService - ok

15:19:17.0778 0964 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:19:17.0837 0964 SCardSvr - ok

15:19:17.0938 0964 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

15:19:18.0002 0964 scfilter - ok

15:19:18.0107 0964 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

15:19:18.0147 0964 Schedule - ok

15:19:18.0220 0964 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

15:19:18.0258 0964 SCPolicySvc - ok

15:19:18.0344 0964 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys

15:19:18.0367 0964 sdbus - ok

15:19:18.0444 0964 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

15:19:18.0467 0964 SDRSVC - ok

15:19:18.0556 0964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:19:18.0600 0964 secdrv - ok

15:19:18.0679 0964 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

15:19:18.0734 0964 seclogon - ok

15:19:18.0808 0964 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:19:18.0871 0964 SENS - ok

15:19:18.0958 0964 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:19:18.0993 0964 SensrSvc - ok

15:19:19.0101 0964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

15:19:19.0118 0964 Serenum - ok

15:19:19.0227 0964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

15:19:19.0240 0964 Serial - ok

15:19:19.0349 0964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

15:19:19.0382 0964 sermouse - ok

15:19:19.0482 0964 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

15:19:19.0522 0964 SessionEnv - ok

15:19:19.0613 0964 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys

15:19:19.0657 0964 SFEP - ok

15:19:19.0761 0964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:19:19.0783 0964 sffdisk - ok

15:19:19.0883 0964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:19:19.0906 0964 sffp_mmc - ok

15:19:20.0006 0964 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys

15:19:20.0039 0964 sffp_sd - ok

15:19:20.0140 0964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

15:19:20.0150 0964 sfloppy - ok

15:19:20.0245 0964 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:19:20.0306 0964 SharedAccess - ok

15:19:20.0416 0964 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

15:19:20.0447 0964 ShellHWDetection - ok

15:19:20.0563 0964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

15:19:20.0573 0964 SiSRaid2 - ok

15:19:20.0698 0964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

15:19:20.0708 0964 SiSRaid4 - ok

15:19:20.0822 0964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:19:20.0874 0964 Smb - ok

15:19:20.0978 0964 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:19:21.0020 0964 SNMPTRAP - ok

15:19:21.0109 0964 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

15:19:21.0117 0964 SOHCImp - ok

15:19:21.0216 0964 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

15:19:21.0228 0964 SOHDms - ok

15:19:21.0332 0964 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

15:19:21.0339 0964 SOHDs - ok

15:19:21.0428 0964 SpfService (5449fc97476f52e027409e703791e6a9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

15:19:21.0440 0964 SpfService - ok

15:19:21.0556 0964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:19:21.0566 0964 spldr - ok

15:19:21.0676 0964 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

15:19:21.0850 0964 Spooler - ok

15:19:22.0026 0964 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

15:19:22.0138 0964 sppsvc - ok

15:19:22.0253 0964 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:19:22.0305 0964 sppuinotify - ok

15:19:22.0460 0964 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS

15:19:22.0480 0964 SRTSP - ok

15:19:22.0638 0964 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS

15:19:22.0644 0964 SRTSPX - ok

15:19:22.0777 0964 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

15:19:22.0820 0964 srv - ok

15:19:22.0971 0964 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

15:19:23.0010 0964 srv2 - ok

15:19:23.0137 0964 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

15:19:23.0185 0964 srvnet - ok

15:19:23.0306 0964 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:19:23.0361 0964 SSDPSRV - ok

15:19:23.0472 0964 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:19:23.0510 0964 SstpSvc - ok

15:19:23.0623 0964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

15:19:23.0633 0964 stexstor - ok

15:19:23.0764 0964 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

15:19:23.0817 0964 stisvc - ok

15:19:23.0915 0964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:19:23.0924 0964 swenum - ok

15:19:24.0032 0964 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:19:24.0100 0964 swprv - ok

15:19:24.0246 0964 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS

15:19:24.0260 0964 SymDS - ok

15:19:24.0417 0964 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS

15:19:24.0463 0964 SymEFA - ok

15:19:24.0924 0964 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

15:19:24.0933 0964 SymEvent - ok

15:19:25.0078 0964 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS

15:19:25.0087 0964 SymIRON - ok

15:19:25.0226 0964 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS

15:19:25.0239 0964 SymNetS - ok

15:19:25.0394 0964 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

15:19:25.0456 0964 SysMain - ok

15:19:25.0561 0964 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

15:19:25.0606 0964 TabletInputService - ok

15:19:25.0729 0964 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

15:19:25.0804 0964 TapiSrv - ok

15:19:25.0914 0964 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:19:25.0953 0964 TBS - ok

15:19:26.0112 0964 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

15:19:26.0157 0964 Tcpip - ok

15:19:26.0324 0964 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

15:19:26.0365 0964 TCPIP6 - ok

15:19:26.0472 0964 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

15:19:26.0511 0964 tcpipreg - ok

15:19:26.0628 0964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:19:26.0647 0964 TDPIPE - ok

15:19:26.0782 0964 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

15:19:26.0793 0964 TDTCP - ok

15:19:26.0908 0964 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

15:19:26.0953 0964 tdx - ok

15:19:27.0065 0964 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys

15:19:27.0075 0964 TermDD - ok

15:19:27.0178 0964 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

15:19:27.0245 0964 TermService - ok

15:19:27.0363 0964 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:19:27.0402 0964 Themes - ok

15:19:27.0514 0964 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:19:27.0552 0964 THREADORDER - ok

15:19:27.0674 0964 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:19:27.0716 0964 TrkWks - ok

15:19:27.0780 0964 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

15:19:27.0798 0964 TrustedInstaller - ok

15:19:27.0899 0964 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:19:27.0954 0964 tssecsrv - ok

15:19:28.0235 0964 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

15:19:28.0293 0964 tunnel - ok

15:19:28.0404 0964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

15:19:28.0415 0964 uagp35 - ok

15:19:28.0480 0964 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

15:19:28.0488 0964 uCamMonitor - ok

15:19:28.0624 0964 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys

15:19:28.0662 0964 udfs - ok

15:19:28.0765 0964 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:19:28.0778 0964 UI0Detect - ok

15:19:28.0879 0964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:19:28.0889 0964 uliagpkx - ok

15:19:28.0991 0964 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

15:19:29.0010 0964 umbus - ok

15:19:29.0135 0964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

15:19:29.0158 0964 UmPass - ok

15:19:29.0263 0964 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:19:29.0329 0964 upnphost - ok

15:19:29.0450 0964 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

15:19:29.0486 0964 usbccgp - ok

15:19:29.0587 0964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:19:29.0608 0964 usbcir - ok

15:19:29.0748 0964 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys

15:19:29.0760 0964 usbehci - ok

15:19:29.0891 0964 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

15:19:29.0934 0964 usbhub - ok

15:19:30.0056 0964 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys

15:19:30.0083 0964 usbohci - ok

15:19:30.0215 0964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

15:19:30.0235 0964 usbprint - ok

15:19:30.0394 0964 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

15:19:30.0433 0964 USBSTOR - ok

15:19:30.0550 0964 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

15:19:30.0560 0964 usbuhci - ok

15:19:30.0710 0964 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

15:19:30.0734 0964 usbvideo - ok

15:19:30.0833 0964 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:19:30.0895 0964 UxSms - ok

15:19:30.0986 0964 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

15:19:30.0995 0964 VAIO Event Service - ok

15:19:31.0089 0964 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

15:19:31.0105 0964 VAIO Power Management - ok

15:19:31.0222 0964 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:19:31.0233 0964 VaultSvc - ok

15:19:31.0349 0964 VCFw (96efa2698d6b9e2931609a3ea73fc5dc) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

15:19:31.0372 0964 VCFw - ok

15:19:31.0459 0964 VcmIAlzMgr (7bebf6a5285ffc03c34a7297a4e177cb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

15:19:31.0475 0964 VcmIAlzMgr - ok

15:19:31.0562 0964 VcmINSMgr (e005b04dfca99f5880c5111933194ca9) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

15:19:31.0575 0964 VcmINSMgr - ok

15:19:31.0646 0964 VcmXmlIfHelper (829a32fd1334f72429ca0515760eb7a7) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

15:19:31.0654 0964 VcmXmlIfHelper - ok

15:19:31.0746 0964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:19:31.0755 0964 vdrvroot - ok

15:19:31.0852 0964 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

15:19:31.0879 0964 vds - ok

15:19:31.0958 0964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:19:31.0972 0964 vga - ok

15:19:32.0058 0964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:19:32.0118 0964 VgaSave - ok

15:19:32.0208 0964 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys

15:19:32.0221 0964 vhdmp - ok

15:19:32.0308 0964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:19:32.0317 0964 viaide - ok

15:19:32.0402 0964 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys

15:19:32.0413 0964 volmgr - ok

15:19:32.0545 0964 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

15:19:32.0560 0964 volmgrx - ok

15:19:32.0685 0964 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys

15:19:32.0700 0964 volsnap - ok

15:19:32.0943 0964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

15:19:32.0956 0964 vsmraid - ok

15:19:33.0108 0964 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

15:19:33.0161 0964 VSS - ok

15:19:33.0280 0964 VUAgent (e55a44d8f9f713d5f5d5bbaef2ba0a34) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

15:19:33.0308 0964 VUAgent - ok

15:19:33.0409 0964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:19:33.0433 0964 vwifibus - ok

15:19:33.0532 0964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:19:33.0548 0964 vwififlt - ok

15:19:33.0632 0964 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

15:19:33.0648 0964 vwifimp - ok

15:19:33.0732 0964 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:19:33.0778 0964 W32Time - ok

15:19:33.0911 0964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

15:19:33.0945 0964 WacomPen - ok

15:19:34.0048 0964 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:19:34.0106 0964 WANARP - ok

15:19:34.0110 0964 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:19:34.0147 0964 Wanarpv6 - ok

15:19:34.0291 0964 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:19:34.0326 0964 WatAdminSvc - ok

15:19:34.0628 0964 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

15:19:34.0662 0964 wbengine - ok

15:19:34.0747 0964 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:19:34.0766 0964 WbioSrvc - ok

15:19:34.0879 0964 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

15:19:34.0912 0964 wcncsvc - ok

15:19:34.0989 0964 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:19:35.0001 0964 WcsPlugInService - ok

15:19:35.0105 0964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

15:19:35.0114 0964 Wd - ok

15:19:35.0203 0964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:19:35.0224 0964 Wdf01000 - ok

15:19:35.0305 0964 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:19:35.0332 0964 WdiServiceHost - ok

15:19:35.0360 0964 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:19:35.0378 0964 WdiSystemHost - ok

15:19:35.0917 0964 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

15:19:35.0947 0964 WebClient - ok

15:19:36.0160 0964 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:19:36.0217 0964 Wecsvc - ok

15:19:36.0299 0964 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:19:36.0338 0964 wercplsupport - ok

15:19:36.0428 0964 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:19:36.0467 0964 WerSvc - ok

15:19:36.0568 0964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:19:36.0605 0964 WfpLwf - ok

15:19:36.0702 0964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:19:36.0711 0964 WIMMount - ok

15:19:36.0747 0964 WinDefend - ok

15:19:36.0751 0964 WinHttpAutoProxySvc - ok

15:19:36.0847 0964 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:19:36.0901 0964 Winmgmt - ok

15:19:37.0146 0964 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

15:19:37.0228 0964 WinRM - ok

15:19:37.0322 0964 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:19:37.0369 0964 Wlansvc - ok

15:19:37.0458 0964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:19:37.0470 0964 WmiAcpi - ok

15:19:37.0570 0964 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:19:37.0595 0964 wmiApSrv - ok

15:19:37.0795 0964 WMPNetworkSvc - ok

15:19:37.0862 0964 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:19:37.0873 0964 WPCSvc - ok

15:19:38.0021 0964 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

15:19:38.0103 0964 WPDBusEnum - ok

15:19:38.0181 0964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:19:38.0218 0964 ws2ifsl - ok

15:19:38.0306 0964 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll

15:19:38.0318 0964 wscsvc - ok

15:19:38.0377 0964 WSearch - ok

15:19:38.0462 0964 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

15:19:38.0559 0964 wuauserv - ok

15:19:38.0651 0964 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

15:19:38.0706 0964 WudfPf - ok

15:19:38.0842 0964 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:19:38.0880 0964 WUDFRd - ok

15:19:38.0953 0964 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

15:19:39.0004 0964 wudfsvc - ok

15:19:39.0075 0964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:19:39.0104 0964 WwanSvc - ok

15:19:39.0213 0964 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys

15:19:39.0225 0964 yukonw7 - ok

15:19:39.0261 0964 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

15:19:39.0286 0964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

15:19:39.0286 0964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

15:19:40.0053 0964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:19:40.0053 0964 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:19:40.0084 0964 Boot (0x1200) (1e5b2d3597c22f36553de0839ad50452) \Device\Harddisk0\DR0\Partition0

15:19:40.0085 0964 \Device\Harddisk0\DR0\Partition0 - ok

15:19:40.0100 0964 Boot (0x1200) (682208e969e7c0cfba3cda9b6eded1e2) \Device\Harddisk0\DR0\Partition1

15:19:40.0101 0964 \Device\Harddisk0\DR0\Partition1 - ok

15:19:40.0101 0964 ============================================================

15:19:40.0101 0964 Scan finished

15:19:40.0101 0964 ============================================================

15:19:40.0126 3536 Detected object count: 3

15:19:40.0126 3536 Actual detected object count: 3

15:20:16.0487 3536 Oasis2Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:20:16.0487 3536 Oasis2Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:20:16.0625 3536 \Device\Harddisk0\DR0\# - copied to quarantine

15:20:16.0625 3536 \Device\Harddisk0\DR0 - copied to quarantine

15:20:16.0655 3536 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

15:20:16.0656 3536 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

15:20:16.0660 3536 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

15:20:16.0663 3536 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

15:20:16.0679 3536 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

15:20:16.0685 3536 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

15:20:16.0686 3536 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

15:20:16.0686 3536 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

15:20:16.0688 3536 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

15:20:16.0691 3536 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

15:20:16.0693 3536 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

15:20:16.0709 3536 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

15:20:16.0757 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

15:20:16.0757 3536 \Device\Harddisk0\DR0 - ok

15:20:16.0920 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

15:20:16.0921 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:20:16.0921 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Well, a friend of mine was able to rid of the trojan

I don't think so, you're badly infected!

-----------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Done the scan and here are the results

ComboFix 12-04-01.03 - Hernandez 04/02/2012 15:47:25.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6125.3290 [GMT -7:00]

Running from: c:\users\Hernandez\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-04-02 22:53 . 2012-04-02 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----w- c:\programdata\AIM

2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----w- c:\program files (x86)\AIM

2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----w- c:\program files (x86)\Common Files\AOL

2012-04-02 22:20 . 2012-04-02 22:20 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-02 21:17 . 2012-04-02 21:17 -------- d-----w- C:\57d5afa02ad90c9d5809830cb981e80a

2012-04-02 20:33 . 2012-04-02 22:44 -------- d-----w- c:\program files\LeagueOfLegends

2012-04-02 20:32 . 2012-04-02 22:32 -------- d-----w- c:\programdata\PMB Files

2012-04-02 20:32 . 2012-04-02 20:32 -------- d-----w- c:\program files (x86)\Pando Networks

2012-04-02 20:04 . 2012-04-02 20:49 -------- d-----w- c:\program files (x86)\World of Warcraft

2012-04-02 20:04 . 2012-04-02 20:05 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-04-02 20:02 . 2012-04-02 20:05 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-04-02 19:37 . 2011-04-28 03:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-04-02 19:37 . 2011-04-28 03:58 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2012-04-02 19:37 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-04-02 19:37 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-04-02 19:37 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-04-01 23:01 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-01 23:01 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-01 23:00 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-04-01 23:00 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-01 23:00 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-01 23:00 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-01 23:00 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-04-01 22:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-01 22:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-01 22:59 . 2012-04-01 22:59 -------- d-----w- c:\programdata\AVAST Software

2012-04-01 22:59 . 2012-04-01 22:59 -------- d-----w- c:\program files\AVAST Software

2012-04-01 22:47 . 2012-04-01 22:47 -------- dc-h--w- c:\programdata\{F974CC36-BF25-4374-A035-B0A9DA79E735}

2012-04-01 22:45 . 2012-04-01 22:45 -------- d-----w- c:\windows\SysWow64\Wat

2012-04-01 22:45 . 2012-04-01 22:45 -------- d-----w- c:\windows\system32\Wat

2012-04-01 22:22 . 2012-04-01 22:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-04-01 22:22 . 2012-04-01 22:22 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-01 22:21 . 2012-04-01 22:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-04-01 22:21 . 2012-04-01 22:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-04-01 22:11 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-04-01 22:11 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-04-01 21:57 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-04-01 21:57 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-04-01 21:57 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-04-01 21:57 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-04-01 21:57 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-04-01 21:57 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-04-01 21:57 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-04-01 21:57 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-04-01 21:57 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-04-01 21:57 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-04-01 21:45 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2012-04-01 21:45 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-04-01 21:41 . 2010-11-02 05:23 1198592 ----a-w- c:\windows\system32\taskschd.dll

2012-04-01 21:40 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2012-04-01 21:39 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-04-01 21:39 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-04-01 21:38 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

2012-04-01 21:38 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

2012-04-01 21:38 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

2012-04-01 21:38 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

2012-04-01 20:26 . 2012-04-02 01:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-01 20:26 . 2012-04-02 01:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-01 19:59 . 2012-04-01 20:18 -------- d-----w- C:\Usuario Hermandez

2012-04-01 19:49 . 2012-04-01 19:49 -------- d-----w- c:\programdata\blekko toolbars

2012-04-01 19:49 . 2012-04-01 19:49 -------- d-----w- c:\program files (x86)\vafoontoolbar

2012-04-01 19:49 . 2012-04-02 21:34 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2012-04-01 19:26 . 2012-04-01 19:26 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-04-01 19:13 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-04-01 19:13 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-04-01 19:13 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-01 19:13 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-04-01 19:13 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-01 19:13 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-01 19:13 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-01 17:14 . 2012-04-01 17:14 952 --sha-w- c:\programdata\KGyGaAvL.sys

2012-04-01 16:51 . 2012-04-01 19:21 -------- d-----w- c:\program files\Symantec

2012-04-01 16:51 . 2012-04-01 19:21 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-04-01 16:51 . 2012-04-01 16:51 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-04-01 16:49 . 2012-04-01 16:49 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool

2012-04-01 16:49 . 2012-04-01 16:49 -------- d-----w- c:\users\Public\Symantec

2012-04-01 16:48 . 2012-04-01 17:33 -------- d-----w- c:\users\Hernandez

2012-04-01 13:55 . 2012-04-01 13:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-04-01 13:54 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-04-01 13:54 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2012-04-01 13:53 . 2012-04-01 13:53 -------- d-----w- c:\program files (x86)\Microsoft

2012-04-01 13:53 . 2012-04-01 13:53 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2012-04-01 13:53 . 2012-04-01 13:53 -------- d-----w- c:\windows\PCHEALTH

2012-04-01 13:52 . 2012-04-01 13:52 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2012-04-01 13:45 . 2012-04-01 13:46 -------- d-----w- c:\program files\SPHE BD-Live

2012-04-01 13:41 . 2012-04-01 13:41 -------- d-----w- C:\VAIO Sample Contents

2012-04-01 13:09 . 2012-04-01 13:09 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-04-01 13:09 . 2007-07-20 01:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-04-01 13:04 . 2005-04-27 23:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll

2012-04-01 13:04 . 2003-03-19 05:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll

2012-04-01 13:04 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-01 13:04 . 1995-07-31 20:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL

2012-04-01 13:04 . 2012-04-01 13:44 -------- d-----w- c:\program files (x86)\ArcSoft

2012-04-01 13:04 . 2012-04-01 13:04 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft

2012-04-01 13:04 . 2009-05-26 21:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys

2012-04-01 13:04 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll

2012-04-01 13:04 . 2012-04-01 13:04 -------- d-----w- c:\program files (x86)\Evernote

2012-04-01 13:04 . 2012-04-01 13:04 -------- d-----w- c:\programdata\Evernote

2012-04-01 13:03 . 2012-04-01 16:50 -------- d-----w- c:\program files\Sony

2012-04-01 13:02 . 2007-04-17 18:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys

2012-04-01 13:02 . 2012-04-01 13:02 -------- d-----w- c:\program files (x86)\Common Files\InterVideo

2012-04-01 13:00 . 2012-04-01 13:00 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\en-US\LXKPTPRC.DLL.mui

2012-04-01 13:00 . 2012-04-01 13:00 -------- d-----w- C:\Documentation

2012-04-01 13:00 . 2012-04-01 13:00 -------- d-----w- C:\_FS_SWRINFO

2012-04-01 13:00 . 2008-09-25 01:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll

2012-04-01 13:00 . 2008-09-25 01:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll

2012-04-01 12:59 . 2012-04-01 12:59 -------- d-----w- c:\users\boinc_master

2012-04-01 12:57 . 2012-04-01 16:50 -------- d-----w- c:\program files (x86)\BOINC

2012-04-01 12:57 . 2012-04-01 16:50 -------- d-----w- c:\programdata\BOINC

2012-04-01 12:57 . 2012-04-01 12:57 -------- d-----w- c:\windows\Downloaded Installations

2012-04-01 12:57 . 2012-04-01 13:55 -------- d-----w- c:\program files (x86)\Windows Live

2012-04-01 12:49 . 2012-04-01 13:57 -------- d-----w- c:\program files (x86)\Sony

2012-04-01 12:48 . 2012-04-01 12:48 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-04-01 12:48 . 2012-04-01 12:48 -------- d-----r- c:\program files (x86)\Skype

2012-04-01 12:48 . 2012-04-01 12:48 -------- d-----w- c:\programdata\Skype

2012-04-01 12:47 . 2012-04-01 12:47 -------- d---a-w- c:\program files\Shutterfly

2012-04-01 12:45 . 2012-04-01 12:45 -------- d-----w- c:\program files\PlayReady

2012-04-01 12:44 . 2012-04-01 12:44 -------- d---a-w- C:\Nobu_Icon

2012-04-01 12:42 . 2012-04-01 21:22 -------- d-----w- c:\windows\system32\drivers\NISx64

2012-04-01 12:42 . 2012-04-01 16:51 -------- d-----w- c:\programdata\Norton

2012-04-01 12:42 . 2012-04-01 12:42 -------- d-----w- c:\program files (x86)\Norton Internet Security

2012-04-01 12:41 . 2012-04-01 12:41 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-04-01 12:39 . 2010-04-21 21:20 33000960 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\click2run64.msi

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 13:00 . 2012-04-01 13:00 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui

2012-04-01 13:00 . 2012-04-01 13:00 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui

2012-04-01 13:00 . 2012-04-01 13:00 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui

2012-04-01 13:00 . 2012-04-01 13:00 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui

2012-04-01 13:00 . 2012-04-01 13:00 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui

2012-04-01 13:00 . 2012-04-01 13:00 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2012-04-01 12:32 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c65d6942-fe75-4ef5-8fe0-20e8a29ecd20}]

2012-03-30 20:11 85288 ----a-w- c:\program files (x86)\vafoontoolbar\mystartblekkotemplateX.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{c65d6942-fe75-4ef5-8fe0-20e8a29ecd20}"= "c:\program files (x86)\vafoontoolbar\mystartblekkotemplateX.dll" [2012-03-30 85288]

.

[HKEY_CLASSES_ROOT\clsid\{c65d6942-fe75-4ef5-8fe0-20e8a29ecd20}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-02-29 4321112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-23 217256]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 136176]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2012-04-01 332272]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-17 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-30 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-01 138360]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 12:32]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 12:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2012-04-01 12:32 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://blekkosearch.mystart.com/vafoontoolbar/?source=4744474a&toolbarid=vafoontoolbar&u=20120401564F404DB7EEC09A0D247CB3&tbp=homepage

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Hernandez\AppData\Roaming\Mozilla\Firefox\Profiles\9cxgr5ex.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.


Completion time: 2012-04-02 15:57:37

ComboFix-quarantined-files.txt 2012-04-02 22:57

.

Pre-Run: 543,566,049,280 bytes free

Post-Run: 543,294,234,624 bytes free

.

- - End Of File - - 6C8B340F2AB842638AAD751726E967E9


No problems found :) Thank you so much for your help! Here are the results nonetheless.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.02.10

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Hernandez :: HERNANDEZ-VAIO [administrator]

Protection: Enabled

4/2/2012 4:08:57 PM

mbam-log-2012-04-02 (16-08-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212459

Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great! :)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall this:

Java™ 6 Update 20

Then download and install the latest version, Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

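As an added example (not from MrC's post or any tool in the thread), a PowerShell check that lists every Java entry registered under the Windows Uninstall keys and flags any older than Java 6 Update 31, the version named above. It assumes the standard Uninstall key locations and display names of the form "Java(TM) 6 Update 20"; both are assumptions, not something the thread states.

```powershell
# Added example, not part of the thread: enumerate installed Java entries from
# the Uninstall registry keys (native and Wow6432Node views on 64-bit Windows)
# and flag any older than Java 6 Update 31, the version MrC named as current.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$requiredMajor  = 6
$requiredUpdate = 31

function Test-JavaCurrent {
    param([int]$Major, [int]$Update)
    # A newer major release, or the same major at or above the required update, is fine.
    if ($Major -gt $requiredMajor) { return $true }
    if ($Major -eq $requiredMajor -and $Update -ge $requiredUpdate) { return $true }
    return $false
}

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java' } |
    ForEach-Object {
        $name = $_.DisplayName
        # Assumed DisplayName form, e.g. "Java(TM) 6 Update 20" as shown in the post;
        # the trademark may appear as "(TM)" or the ™ character (U+2122).
        if ($name -match 'Java(?:\(TM\)|\u2122)?\s+(\d+)\s+Update\s+(\d+)') {
            $isCurrent = Test-JavaCurrent -Major ([int]$Matches[1]) -Update ([int]$Matches[2])
            $status = if ($isCurrent) { 'OK' } else { 'OUTDATED - uninstall and update' }
        } else {
            $status = 'unrecognised version string - check manually'
        }
        [pscustomobject]@{
            Name    = $name
            Version = $_.DisplayVersion
            Status  = $status
        }
    } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt after the update so the old entry is gone and the new one reports OK.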
