Trojan.agent infection


Hello all,

I have a laptop with 64-bit Windows 7. I started observing random advertisements and ran Malwarebytes, and the svchost file was using a lot of CPU power. The results were that I had an infection with trojan.agent. I tried to clean it, but it comes back all the time, either as trojan.agent or trojanproxy.agent. Please help.

Attached are the dds.txt and attach files as well as a HijackThis log.

Any help will be greatly appreciated.

Thanks in advance,

Gus

Sorry for attaching the logs.

This is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by ccaracciolo at 11:03:08 on 2012-03-30

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1658 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0

uWindow Title = Microsoft Internet Explorer provided by IN)Range Systems

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Windows\SysWOW64\StopzillaBHO.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [<NO NAME>]

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

dRun: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q

StartupFolder: C:\Users\CCARAC~1\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe

uPolicies-system: HideLegacyLogonScripts = 1 (0x1)

uPolicies-system: HideLogonScripts = 1 (0x1)

uPolicies-system: HideLogoffScripts = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

dPolicies-system: HideLegacyLogonScripts = 1 (0x1)

dPolicies-system: HideLogonScripts = 1 (0x1)

dPolicies-system: HideLogoffScripts = 1 (0x1)

IE: &Search

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.2.20 10.1.2.19

TCP: Interfaces\{5698B770-A4CA-4C7F-AA8B-E31DCCABBCD9} : DhcpNameServer = 4.2.2.1 4.2.2.2

TCP: Interfaces\{F3BE685E-EDAE-4531-B1A6-A3CA0E1C4EF8} : DhcpNameServer = 10.1.2.20 10.1.2.19

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: STOPzilla Browser Helper Object: {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Windows\SysWOW64\StopzillaBHO.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [(Default)]

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ccaracciolo\Application Data\Mozilla\Firefox\Profiles\8zycntl7.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-4-1 2440120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-23 136824]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Device Manager;Device Manager;C:\Windows\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat [2012-3-28 120]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-25 136176]

S2 STOPzilla Local Service;STOPzilla Local Service;C:\Program Files (x86)\STOPzilla!\SZNTSvc.exe /service "STOPzilla Local Service" --> C:\Program Files (x86)\STOPzilla!\SZNTSvc.exe [?]

S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-7-27 121416]

S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-7-27 125512]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-25 136176]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]

S3 Ser2rs;Radioshack USB to Serial Driver;C:\Windows\system32\DRIVERS\ser2rs64.sys --> C:\Windows\system32\DRIVERS\ser2rs64.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);C:\Windows\system32\DRIVERS\swnc8u80.sys --> C:\Windows\system32\DRIVERS\swnc8u80.sys [?]

S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);C:\Windows\system32\DRIVERS\swumx80.sys --> C:\Windows\system32\DRIVERS\swumx80.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

SUnknown SPService;SPService; [x]

.

=============== Created Last 30 ================

.

2012-03-30 14:11:58 -------- d-----w- C:\Program Files (x86)\STOPzilla!

2012-03-30 13:17:39 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-03-29 21:24:31 -------- d-----w- C:\Program Files\STOPzilla!

2012-03-29 19:35:22 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys

2012-03-29 19:01:36 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-29 18:51:29 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-03-29 17:57:59 -------- d-----w- C:\Program Files\CCleaner

2012-03-29 15:10:34 20480 ----a-w- C:\Windows\backupsvchostbackup.exe

2012-03-27 18:29:48 -------- d-----w- C:\ProgramData\F4D55F3B000435DB03318318A6014588

2012-03-27 18:28:10 -------- d-----we C:\Windows\system64

2012-03-27 18:27:16 99328 ----a-w- C:\Windows\System32\compgMgr64.dll

2012-03-27 18:27:16 88064 ----a-w- C:\Windows\SysWow64\compgMgr.dll

2012-03-26 21:41:31 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-03-23 18:43:37 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-23 18:43:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-23 18:31:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-03-23 18:31:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-20 18:19:06 -------- d-----w- C:\Program Files (x86)\Citrix

2012-03-20 18:17:35 60304 ----a-w- C:\Users\ccaracciolo\g2mdlhlpx.exe

2012-03-19 14:50:34 -------- d-----w- C:\Program Files\iPod

2012-03-19 14:50:33 -------- d-----w- C:\Program Files\iTunes

2012-03-19 14:50:33 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-01-19 14:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE

.

============= FINISH: 11:04:38.72 ===============

This is the Attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/23/2011 6:46:05 AM

System Uptime: 3/30/2012 10:43:20 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 213 GiB total, 158.204 GiB free.

D: is FIXED (NTFS) - 20 GiB total, 11.674 GiB free.

E: is CDROM ()

F: is CDROM (CDFS)

G: is Removable

M: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Amazon Kindle

Apple Application Support

Apple Software Update

Brother Driver Deployment Wizard

Cisco IP Communicator

Click to Call with Skype

Driver Detective

Dropbox

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

Java Auto Updater

Java 6 Update 26

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Mozilla Firefox 4.0.1 (x86 en-US)

QuickTime

RadioShack USB to Serial Driver

Revo Uninstaller 1.93

Safari

Skype™ 5.5

SolidWorks eDrawings 2011

Spybot - Search & Destroy

Stamps.com

Stamps.com Address Book Support for Microsoft Outlook 97-2010

Stamps.com support for Microsoft Outlook 97-2010

VLC media player 1.1.9

.

==== Event Viewer Messages From Past Week ========

.

3/30/2012 9:55:58 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 9:55:58 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 9:55:13 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:55:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/30/2012 9:55:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/30/2012 9:55:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/30/2012 9:55:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/30/2012 9:55:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/30/2012 9:55:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/30/2012 9:54:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl luafv NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX tcpipBM tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 11:02:11 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/30/2012 10:43:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv

3/30/2012 10:43:49 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

3/30/2012 10:43:48 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.

3/30/2012 10:43:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Device Manager service to connect.

3/30/2012 10:43:45 AM, Error: Service Control Manager [7000] - The STOPzilla Local Service service failed to start due to the following error: The system cannot find the file specified.

3/30/2012 10:12:34 AM, Error: Service Control Manager [7030] - The STOPzilla Local Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/29/2012 9:42:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002adc79f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-46457-01.

3/29/2012 9:36:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002aac08a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-29858-01.

3/29/2012 9:32:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001e6a797, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-35505-01.

3/29/2012 2:54:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

3/29/2012 2:54:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 2:52:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

3/29/2012 2:52:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

3/29/2012 2:43:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl luafv NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tcpipBM tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

3/29/2012 2:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/29/2012 11:46:20 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

3/29/2012 11:29:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl luafv spldr SRTSP SRTSPX Wanarpv6

3/29/2012 1:55:35 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 1:55:34 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/28/2012 4:57:02 PM, Error: Service Control Manager [7030] - The Device Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/28/2012 4:45:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error: An instance of the service is already running.

3/28/2012 4:45:41 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

3/28/2012 4:45:41 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

3/28/2012 4:45:40 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

3/28/2012 4:45:40 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

3/28/2012 3:02:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001e62797, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032812-40513-01.

3/27/2012 3:56:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

3/27/2012 2:40:18 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

3/27/2012 2:34:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002d6a32a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-34694-01.

3/27/2012 2:17:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

3/27/2012 2:17:01 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/27/2012 10:05:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab1797, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-30201-01.

3/26/2012 8:51:35 AM, Error: NetBT [4321] - The name "INRANGE :1d" could not be registered on the interface with IP address 10.1.2.98. The computer with the IP address 10.1.2.20 did not allow the name to be claimed by this computer.

3/26/2012 5:44:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab1797, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032612-29437-01.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/23/2012 2:34:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

3/23/2012 2:34:27 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/23/2012 2:34:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

3/23/2012 10:11:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

3/23/2012 10:11:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

3/23/2012 10:11:17 AM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:52:24 AM, on 3/30/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Users\ccaracciolo\Desktop\HijackThis.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IN)Range Systems

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Windows\SysWOW64\StopzillaBHO.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inrange.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inrange.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inrange.local

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Device Manager - Unknown owner - C:\Windows\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files (x86)\STOPzilla!\SZNTSvc.exe (file missing)

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9434 bytes


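A triage pass over the HijackThis entries above, as an added example (it is not part of the thread and not HijackThis's own logic): it parses O4 and O23 lines and flags autoruns and services that run from outside Program Files/Windows, use a script as the service binary, live in a profile or systemprofile directory, or sit in the SYSTEM/Default user hive, while marking the "Unknown owner ... (file missing)" System32 entries as the expected artifact of a 32-bit scanner on x64 rather than a finding. The sample lines are copied from the log above plus one benign HKLM entry; the trusted-path list, the random-name pattern and the other heuristics are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in this thread
# plus one benign HKLM Run entry, so the triage can run offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Manager - Unknown owner - C:\Windows\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# The heuristics below are assumptions for this example, not HijackThis rules.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
PROFILE_DIRS = ("\\appdata\\", "\\application data\\", "\\temp\\", "\\systemprofile\\")
SCRIPT_EXT = {"bat", "cmd", "vbs", "js", "scr"}
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{16,}$")        # long all-caps alphanumeric value name
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")     # runs as SYSTEM / at the logon screen

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
PATH_RE = re.compile(r'"([^"]+)"|([a-z]:\\[^"]*?\.(?:exe|bat|cmd|dll|vbs|js|scr|com))\b', re.I)
MISSING = " (file missing)"


@dataclass
class Finding:
    kind: str        # "autorun" (O4) or "service" (O23)
    name: str
    path: str
    severity: str    # "review": needs a look; "info": expected tool artifact
    reasons: list


def extract_path(command: str):
    """Return the executable path from a Run command line, or None."""
    m = PATH_RE.search(command)
    return (m.group(1) or m.group(2)) if m else None


def assess(kind, name, path, hive="", owner="", missing=False):
    """Apply the location / extension / hive / name heuristics to one entry."""
    low = path.lower()
    reasons = []
    if not low.startswith(TRUSTED_PREFIXES):
        reasons.append("binary outside Program Files / Windows")
    if low.rsplit(".", 1)[-1] in SCRIPT_EXT:
        reasons.append(f"script used as {kind} binary")
    if any(d in low for d in PROFILE_DIRS):
        reasons.append("runs from a profile, temp or systemprofile directory")
    if kind == "autorun" and hive.upper().startswith(SYSTEM_HIVES):
        reasons.append("Run value in the SYSTEM / Default user hive (HKUS)")
    if RANDOM_NAME_RE.match(name):
        reasons.append("machine-generated looking value name")
    if reasons:
        return Finding(kind, name, path, "review", reasons)
    # HijackThis 2.0.4 is a 32-bit program: under WOW64 its lookups in
    # System32 are redirected to SysWOW64, so native-only binaries such as
    # lsass.exe show as "(file missing)". Report that as info, not a finding,
    # and confirm the service binary with a 64-bit tool instead.
    if (kind == "service" and owner == "Unknown owner" and missing
            and low.startswith("c:\\windows\\system32\\")):
        return Finding(kind, name, path, "info",
                       ["'file missing' is expected from a 32-bit scanner on x64"])
    return None


def triage(log_text: str):
    """Parse HijackThis O4/O23 lines and return the entries worth attention."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            path = extract_path(m["cmd"])
            if path:
                f = assess("autorun", m["name"], path, hive=m["hive"])
                if f:
                    findings.append(f)
            continue
        m = O23_RE.match(line)
        if m:
            parts = m["rest"].rsplit(" - ", 2)   # display - owner - path
            if len(parts) != 3:
                continue
            display, owner, path_part = parts
            missing = path_part.endswith(MISSING)
            path = path_part[:-len(MISSING)] if missing else path_part
            f = assess("service", display, path, owner=owner, missing=missing)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.name} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Per-user software such as Dropbox is flagged too, because it runs from a profile directory; the output is a review list, not a verdict.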

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC


Thanks for your help, MrCharlie!

I followed your instructions and this is the report:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: ccaracciolo [Admin rights]

Mode: Scan -- Date: 04/02/2012 09:43:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75A23T0 ATA Device +++++

--- User ---

[MBR] d33edfe67ab1a03c3937bdb8a311678b

[bSP] 81b7824b68ee6103ca78272c99caf828 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 217990 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 446445568 | Size: 20482 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[9].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

--------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


MrC,

I ran the tool and the report follows. I re-ran it after rebooting, but I still get the same results; the thing is still there. Please advise.

11:10:16.0618 2648 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48

11:10:16.0680 2648 ============================================================

11:10:16.0680 2648 Current date / time: 2012/04/02 11:10:16.0680

11:10:16.0680 2648 SystemInfo:

11:10:16.0680 2648

11:10:16.0680 2648 OS Version: 6.1.7600 ServicePack: 0.0

11:10:16.0680 2648 Product type: Workstation

11:10:16.0680 2648 ComputerName: CCARACCIOLO1

11:10:16.0680 2648 UserName: ccaracciolo

11:10:16.0680 2648 Windows directory: C:\Windows

11:10:16.0680 2648 System windows directory: C:\Windows

11:10:16.0680 2648 Running under WOW64

11:10:16.0680 2648 Processor architecture: Intel x64

11:10:16.0680 2648 Number of processors: 2

11:10:16.0680 2648 Page size: 0x1000

11:10:16.0680 2648 Boot type: Normal boot

11:10:16.0680 2648 ============================================================

11:10:16.0930 2648 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:10:16.0945 2648 \Device\Harddisk0\DR0:

11:10:16.0945 2648 MBR used

11:10:16.0945 2648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1A9C3000

11:10:16.0945 2648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A9C3800, BlocksNum 0x2801000

11:10:17.0023 2648 Initialize success

11:10:17.0023 2648 ============================================================

11:10:31.0127 1784 ============================================================

11:10:31.0127 1784 Scan started

11:10:31.0127 1784 Mode: Manual; SigCheck; TDLFS;

11:10:31.0127 1784 ============================================================

11:10:32.0281 1784 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

11:10:32.0343 1784 1394ohci - ok

11:10:32.0468 1784 69158801 (ccde590a195cb3a02fb0bfd787ce7ac5) C:\Windows\system32\drivers\84381709.sys

11:10:32.0749 1784 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

11:10:32.0780 1784 ACPI - ok

11:10:33.0014 1784 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

11:10:33.0030 1784 AcpiPmi - ok

11:10:33.0139 1784 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

11:10:33.0155 1784 AdobeARMservice - ok

11:10:33.0295 1784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:10:33.0311 1784 adp94xx - ok

11:10:33.0435 1784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:10:33.0451 1784 adpahci - ok

11:10:33.0498 1784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:10:33.0513 1784 adpu320 - ok

11:10:33.0560 1784 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:10:33.0607 1784 AeLookupSvc - ok

11:10:33.0685 1784 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

11:10:33.0716 1784 AFD - ok

11:10:33.0857 1784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

11:10:33.0872 1784 agp440 - ok

11:10:33.0981 1784 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:10:33.0997 1784 ALG - ok

11:10:34.0122 1784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

11:10:34.0122 1784 aliide - ok

11:10:34.0247 1784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

11:10:34.0262 1784 amdide - ok

11:10:34.0293 1784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:10:34.0309 1784 AmdK8 - ok

11:10:34.0325 1784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:10:34.0340 1784 AmdPPM - ok

11:10:34.0371 1784 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

11:10:34.0387 1784 amdsata - ok

11:10:34.0496 1784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:10:34.0512 1784 amdsbs - ok

11:10:34.0543 1784 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

11:10:34.0559 1784 amdxata - ok

11:10:34.0668 1784 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

11:10:34.0683 1784 AppID - ok

11:10:34.0715 1784 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:10:34.0746 1784 AppIDSvc - ok

11:10:34.0839 1784 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

11:10:34.0855 1784 Appinfo - ok

11:10:34.0980 1784 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:10:34.0995 1784 Apple Mobile Device - ok

11:10:35.0105 1784 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

11:10:35.0136 1784 AppMgmt - ok

11:10:35.0198 1784 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:10:35.0214 1784 arc - ok

11:10:35.0323 1784 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:10:35.0339 1784 arcsas - ok

11:10:35.0370 1784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:10:35.0401 1784 AsyncMac - ok

11:10:35.0510 1784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

11:10:35.0526 1784 atapi - ok

11:10:35.0619 1784 ATTRcAppSvc (3087cca13c80fe8596baa50fa5f63a2f) C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe

11:10:35.0666 1784 ATTRcAppSvc - ok

11:10:35.0775 1784 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

11:10:35.0822 1784 AudioEndpointBuilder - ok

11:10:35.0838 1784 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

11:10:35.0885 1784 AudioSrv - ok

11:10:35.0994 1784 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

11:10:36.0009 1784 AxInstSV - ok

11:10:36.0087 1784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:10:36.0103 1784 b06bdrv - ok

11:10:36.0228 1784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:10:36.0259 1784 b57nd60a - ok

11:10:36.0353 1784 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys

11:10:36.0415 1784 BCM43XX - ok

11:10:36.0493 1784 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:10:36.0509 1784 BDESVC - ok

11:10:36.0618 1784 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:10:36.0649 1784 Beep - ok

11:10:36.0696 1784 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

11:10:36.0758 1784 BITS - ok

11:10:36.0805 1784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:10:36.0821 1784 blbdrive - ok

11:10:36.0945 1784 BMLoad (98ba874a59481d50916febcb472fe69f) C:\Windows\system32\drivers\BMLoad.sys

11:10:36.0977 1784 BMLoad ( UnsignedFile.Multi.Generic ) - warning

11:10:36.0977 1784 BMLoad - detected UnsignedFile.Multi.Generic (1)

11:10:37.0117 1784 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:10:37.0133 1784 Bonjour Service - ok

11:10:37.0243 1784 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

11:10:37.0258 1784 bowser - ok

11:10:37.0290 1784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:10:37.0305 1784 BrFiltLo - ok

11:10:37.0321 1784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:10:37.0336 1784 BrFiltUp - ok

11:10:37.0477 1784 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:10:37.0524 1784 BridgeMP - ok

11:10:37.0555 1784 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

11:10:37.0602 1784 Browser - ok

11:10:37.0664 1784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:10:37.0680 1784 Brserid - ok

11:10:37.0695 1784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:10:37.0711 1784 BrSerWdm - ok

11:10:37.0742 1784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:10:37.0758 1784 BrUsbMdm - ok

11:10:37.0758 1784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:10:37.0773 1784 BrUsbSer - ok

11:10:37.0804 1784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:10:37.0820 1784 BTHMODEM - ok

11:10:37.0867 1784 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:10:37.0898 1784 bthserv - ok

11:10:38.0054 1784 CAATT (2ffe4d9dc77bfc9420b424836eede965) C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe

11:10:38.0070 1784 CAATT - ok

11:10:38.0163 1784 ccEvtMgr (4aa730bb7b79b7ba70b1e30acf97d6ab) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

11:10:38.0163 1784 ccEvtMgr - ok

11:10:38.0179 1784 ccSetMgr (4aa730bb7b79b7ba70b1e30acf97d6ab) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

11:10:38.0179 1784 ccSetMgr - ok

11:10:38.0304 1784 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:10:38.0335 1784 cdfs - ok

11:10:38.0460 1784 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

11:10:38.0475 1784 cdrom - ok

11:10:38.0584 1784 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

11:10:38.0631 1784 CertPropSvc - ok

11:10:38.0772 1784 Cinemsup (5f22132c9153639762708909f156b33d) C:\Windows\system32\TcUsb.dll

11:10:38.0772 1784 Cinemsup ( Backdoor.Multi.ZAccess.gen ) - infected

11:10:38.0772 1784 Cinemsup - detected Backdoor.Multi.ZAccess.gen (0)

11:10:38.0896 1784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:10:38.0912 1784 circlass - ok

11:10:39.0037 1784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:10:39.0052 1784 CLFS - ok

11:10:39.0162 1784 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:10:39.0162 1784 clr_optimization_v2.0.50727_32 - ok

11:10:39.0208 1784 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:10:39.0224 1784 clr_optimization_v2.0.50727_64 - ok

11:10:39.0333 1784 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:10:39.0349 1784 clr_optimization_v4.0.30319_32 - ok

11:10:39.0442 1784 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:10:39.0442 1784 clr_optimization_v4.0.30319_64 - ok

11:10:39.0536 1784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:10:39.0552 1784 CmBatt - ok

11:10:39.0567 1784 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

11:10:39.0567 1784 cmdide - ok

11:10:39.0598 1784 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

11:10:39.0630 1784 CNG - ok

11:10:39.0708 1784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:10:39.0723 1784 Compbatt - ok

11:10:39.0848 1784 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:10:39.0864 1784 CompositeBus - ok

11:10:39.0879 1784 COMSysApp - ok

11:10:39.0910 1784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:10:39.0910 1784 crcdisk - ok

11:10:40.0004 1784 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

11:10:40.0051 1784 CryptSvc - ok

11:10:40.0098 1784 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

11:10:40.0129 1784 CSC - ok

11:10:40.0144 1784 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll

11:10:40.0176 1784 CscService - ok

11:10:40.0222 1784 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

11:10:40.0238 1784 CVirtA - ok

11:10:40.0363 1784 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

11:10:40.0394 1784 CVPND - ok

11:10:40.0519 1784 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

11:10:40.0550 1784 CVPNDRVA - ok

11:10:40.0597 1784 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

11:10:40.0644 1784 DcomLaunch - ok

11:10:40.0675 1784 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:10:40.0706 1784 defragsvc - ok

11:10:40.0831 1784 Device Manager - ok

11:10:40.0878 1784 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

11:10:40.0924 1784 DfsC - ok

11:10:41.0049 1784 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

11:10:41.0065 1784 Dhcp - ok

11:10:41.0127 1784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:10:41.0158 1784 discache - ok

11:10:41.0174 1784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:10:41.0190 1784 Disk - ok

11:10:41.0236 1784 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

11:10:41.0252 1784 DNE - ok

11:10:41.0361 1784 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

11:10:41.0377 1784 Dnscache - ok

11:10:41.0486 1784 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

11:10:41.0533 1784 dot3svc - ok

11:10:41.0564 1784 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

11:10:41.0595 1784 DPS - ok

11:10:41.0642 1784 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:10:41.0658 1784 drmkaud - ok

11:10:41.0782 1784 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

11:10:41.0814 1784 DXGKrnl - ok

11:10:41.0907 1784 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:10:41.0954 1784 EapHost - ok

11:10:42.0063 1784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:10:42.0110 1784 ebdrv - ok

11:10:42.0251 1784 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

11:10:42.0282 1784 eeCtrl - ok

11:10:42.0375 1784 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe

11:10:42.0407 1784 EFS - ok

11:10:42.0453 1784 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

11:10:42.0469 1784 ehRecvr - ok

11:10:42.0516 1784 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:10:42.0531 1784 ehSched - ok

11:10:42.0594 1784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:10:42.0625 1784 elxstor - ok

11:10:42.0734 1784 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

11:10:42.0750 1784 EraserUtilRebootDrv - ok

11:10:42.0859 1784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

11:10:42.0859 1784 ErrDev - ok

11:10:42.0921 1784 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:10:42.0968 1784 EventSystem - ok

11:10:43.0015 1784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:10:43.0062 1784 exfat - ok

11:10:43.0077 1784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:10:43.0124 1784 fastfat - ok

11:10:43.0202 1784 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

11:10:43.0233 1784 Fax - ok

11:10:43.0280 1784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:10:43.0296 1784 fdc - ok

11:10:43.0327 1784 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:10:43.0358 1784 fdPHost - ok

11:10:43.0389 1784 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:10:43.0436 1784 FDResPub - ok

11:10:43.0483 1784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:10:43.0499 1784 FileInfo - ok

11:10:43.0514 1784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:10:43.0561 1784 Filetrace - ok

11:10:43.0577 1784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:10:43.0592 1784 flpydisk - ok

11:10:43.0623 1784 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

11:10:43.0639 1784 FltMgr - ok

11:10:43.0686 1784 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

11:10:43.0717 1784 FontCache - ok

11:10:43.0795 1784 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:10:43.0795 1784 FontCache3.0.0.0 - ok

11:10:43.0935 1784 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:10:43.0951 1784 FsDepends - ok

11:10:44.0154 1784 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

11:10:44.0154 1784 Fs_Rec - ok

11:10:44.0263 1784 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:10:44.0279 1784 fvevol - ok

11:10:44.0310 1784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:10:44.0325 1784 gagp30kx - ok

11:10:44.0372 1784 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:10:44.0388 1784 GEARAspiWDM - ok

11:10:44.0435 1784 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

11:10:44.0450 1784 gpsvc - ok

11:10:44.0528 1784 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:10:44.0528 1784 gupdate - ok

11:10:44.0544 1784 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:10:44.0559 1784 gupdatem - ok

11:10:44.0653 1784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:10:44.0669 1784 hcw85cir - ok

11:10:44.0731 1784 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

11:10:44.0747 1784 HdAudAddService - ok

11:10:44.0856 1784 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:10:44.0871 1784 HDAudBus - ok

11:10:44.0903 1784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:10:44.0918 1784 HidBatt - ok

11:10:44.0934 1784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:10:44.0949 1784 HidBth - ok

11:10:44.0965 1784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:10:44.0996 1784 HidIr - ok

11:10:45.0012 1784 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:10:45.0059 1784 hidserv - ok

11:10:45.0183 1784 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

11:10:45.0199 1784 HidUsb - ok

11:10:45.0215 1784 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

11:10:45.0261 1784 hkmsvc - ok

11:10:45.0277 1784 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

11:10:45.0293 1784 HomeGroupListener - ok

11:10:45.0324 1784 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

11:10:45.0355 1784 HomeGroupProvider - ok

11:10:45.0386 1784 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

11:10:45.0402 1784 HpSAMD - ok

11:10:45.0511 1784 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

11:10:45.0558 1784 HTTP - ok

11:10:45.0589 1784 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

11:10:45.0605 1784 hwpolicy - ok

11:10:45.0683 1784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:10:45.0698 1784 i8042prt - ok

11:10:45.0854 1784 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

11:10:45.0870 1784 iaStorV - ok

11:10:45.0963 1784 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:10:45.0979 1784 idsvc - ok

11:10:46.0229 1784 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:10:46.0369 1784 igfx - ok

11:10:46.0463 1784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:10:46.0478 1784 iirsp - ok

11:10:46.0603 1784 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

11:10:46.0665 1784 IKEEXT - ok

11:10:46.0728 1784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

11:10:46.0743 1784 intelide - ok

11:10:46.0837 1784 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:10:46.0837 1784 intelppm - ok

11:10:46.0884 1784 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:10:46.0915 1784 IPBusEnum - ok

11:10:46.0977 1784 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:10:47.0024 1784 IpFilterDriver - ok

11:10:47.0165 1784 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

11:10:47.0211 1784 iphlpsvc - ok

11:10:47.0274 1784 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

11:10:47.0289 1784 IPMIDRV - ok

11:10:47.0336 1784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:10:47.0367 1784 IPNAT - ok

11:10:47.0477 1784 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

11:10:47.0492 1784 iPod Service - ok

11:10:47.0601 1784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:10:47.0617 1784 IRENUM - ok

11:10:47.0633 1784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

11:10:47.0648 1784 isapnp - ok

11:10:47.0664 1784 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

11:10:47.0679 1784 iScsiPrt - ok

11:10:47.0711 1784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:10:47.0726 1784 kbdclass - ok

11:10:47.0742 1784 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

11:10:47.0757 1784 kbdhid - ok

11:10:47.0789 1784 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

11:10:47.0804 1784 KeyIso - ok

11:10:47.0867 1784 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

11:10:47.0882 1784 KSecDD - ok

11:10:47.0945 1784 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

11:10:47.0960 1784 KSecPkg - ok

11:10:47.0976 1784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:10:48.0023 1784 ksthunk - ok

11:10:48.0054 1784 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:10:48.0116 1784 KtmRm - ok

11:10:48.0225 1784 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll

11:10:48.0241 1784 LanmanServer - ok

11:10:48.0288 1784 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

11:10:48.0319 1784 LanmanWorkstation - ok

11:10:48.0475 1784 LiveUpdate (6293e44f4aa06f7fcda06f4b07cdc0c2) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

11:10:48.0522 1784 LiveUpdate - ok

11:10:48.0647 1784 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:10:48.0693 1784 lltdio - ok

11:10:48.0725 1784 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:10:48.0771 1784 lltdsvc - ok

11:10:48.0787 1784 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:10:48.0834 1784 lmhosts - ok

11:10:48.0881 1784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:10:48.0896 1784 LSI_FC - ok

11:10:48.0912 1784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:10:48.0927 1784 LSI_SAS - ok

11:10:48.0943 1784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:10:48.0943 1784 LSI_SAS2 - ok

11:10:48.0959 1784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:10:48.0974 1784 LSI_SCSI - ok

11:10:49.0005 1784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:10:49.0052 1784 luafv - ok

11:10:49.0083 1784 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

11:10:49.0099 1784 Mcx2Svc - ok

11:10:49.0146 1784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:10:49.0161 1784 megasas - ok

11:10:49.0224 1784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:10:49.0239 1784 MegaSR - ok

11:10:49.0271 1784 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:10:49.0317 1784 MMCSS - ok

11:10:49.0364 1784 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:10:49.0395 1784 Modem - ok

11:10:49.0473 1784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:10:49.0489 1784 monitor - ok

11:10:49.0520 1784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:10:49.0536 1784 mouclass - ok

11:10:49.0645 1784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:10:49.0661 1784 mouhid - ok

11:10:49.0692 1784 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

11:10:49.0692 1784 mountmgr - ok

11:10:49.0723 1784 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

11:10:49.0739 1784 mpio - ok

11:10:49.0754 1784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:10:49.0785 1784 mpsdrv - ok

11:10:49.0817 1784 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

11:10:49.0832 1784 MRxDAV - ok

11:10:49.0863 1784 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:10:49.0879 1784 mrxsmb - ok

11:10:49.0895 1784 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:10:49.0910 1784 mrxsmb10 - ok

11:10:49.0941 1784 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:10:49.0957 1784 mrxsmb20 - ok

11:10:50.0004 1784 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

11:10:50.0019 1784 msahci - ok

11:10:50.0035 1784 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

11:10:50.0051 1784 msdsm - ok

11:10:50.0082 1784 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:10:50.0097 1784 MSDTC - ok

11:10:50.0191 1784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:10:50.0222 1784 Msfs - ok

11:10:50.0238 1784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:10:50.0285 1784 mshidkmdf - ok

11:10:50.0300 1784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

11:10:50.0316 1784 msisadrv - ok

11:10:50.0363 1784 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:10:50.0409 1784 MSiSCSI - ok

11:10:50.0409 1784 msiserver - ok

11:10:50.0472 1784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:10:50.0503 1784 MSKSSRV - ok

11:10:50.0550 1784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:10:50.0581 1784 MSPCLOCK - ok

11:10:50.0597 1784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:10:50.0643 1784 MSPQM - ok

11:10:50.0675 1784 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

11:10:50.0690 1784 MsRPC - ok

11:10:50.0721 1784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:10:50.0721 1784 mssmbios - ok

11:10:50.0768 1784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:10:50.0799 1784 MSTEE - ok

11:10:50.0815 1784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:10:50.0831 1784 MTConfig - ok

11:10:50.0862 1784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:10:50.0862 1784 Mup - ok

11:10:50.0909 1784 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

11:10:50.0940 1784 napagent - ok

11:10:51.0065 1784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:10:51.0080 1784 NativeWifiP - ok

11:10:51.0221 1784 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110524.035\ENG64.SYS

11:10:51.0252 1784 NAVENG - ok

11:10:51.0299 1784 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110524.035\EX64.SYS

11:10:51.0345 1784 NAVEX15 - ok

11:10:51.0455 1784 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

11:10:51.0486 1784 NDIS - ok

11:10:51.0579 1784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:10:51.0626 1784 NdisCap - ok

11:10:51.0657 1784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:10:51.0689 1784 NdisTapi - ok

11:10:51.0720 1784 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

11:10:51.0767 1784 Ndisuio - ok

11:10:51.0782 1784 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

11:10:51.0813 1784 NdisWan - ok

11:10:51.0860 1784 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

11:10:51.0891 1784 NDProxy - ok

11:10:52.0001 1784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:10:52.0032 1784 NetBIOS - ok

11:10:52.0063 1784 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

11:10:52.0094 1784 NetBT - ok

11:10:52.0141 1784 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

11:10:52.0157 1784 Netlogon - ok

11:10:52.0203 1784 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:10:52.0250 1784 Netman - ok

11:10:52.0281 1784 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:10:52.0313 1784 netprofm - ok

11:10:52.0391 1784 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:10:52.0406 1784 NetTcpPortSharing - ok

11:10:52.0469 1784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:10:52.0469 1784 nfrd960 - ok

11:10:52.0562 1784 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

11:10:52.0609 1784 NlaSvc - ok

11:10:52.0640 1784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:10:52.0687 1784 Npfs - ok

11:10:52.0718 1784 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:10:52.0749 1784 nsi - ok

11:10:52.0796 1784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:10:52.0827 1784 nsiproxy - ok

11:10:52.0874 1784 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

11:10:52.0905 1784 Ntfs - ok

11:10:52.0937 1784 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:10:52.0968 1784 Null - ok

11:10:52.0999 1784 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

11:10:52.0999 1784 nvraid - ok

11:10:53.0030 1784 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

11:10:53.0046 1784 nvstor - ok

11:10:53.0061 1784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

11:10:53.0077 1784 nv_agp - ok

11:10:53.0202 1784 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:10:53.0217 1784 odserv - ok

11:10:53.0327 1784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

11:10:53.0342 1784 ohci1394 - ok

11:10:53.0420 1784 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:10:53.0420 1784 ose - ok

11:10:53.0545 1784 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:10:53.0561 1784 p2pimsvc - ok

11:10:53.0592 1784 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:10:53.0607 1784 p2psvc - ok

11:10:53.0654 1784 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:10:53.0670 1784 Parport - ok

11:10:53.0701 1784 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

11:10:53.0701 1784 partmgr - ok

11:10:53.0763 1784 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:10:53.0779 1784 PcaSvc - ok

11:10:53.0810 1784 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

11:10:53.0826 1784 pci - ok

11:10:53.0841 1784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

11:10:53.0857 1784 pciide - ok

11:10:53.0888 1784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:10:53.0904 1784 pcmcia - ok

11:10:54.0029 1784 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS

11:10:54.0060 1784 PCTINDIS5X64 - ok

11:10:54.0107 1784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:10:54.0107 1784 pcw - ok

11:10:54.0138 1784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:10:54.0185 1784 PEAUTH - ok

11:10:54.0247 1784 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

11:10:54.0278 1784 PeerDistSvc - ok

11:10:54.0387 1784 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:10:54.0403 1784 PerfHost - ok

11:10:54.0497 1784 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

11:10:54.0559 1784 pla - ok

11:10:54.0606 1784 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll

11:10:54.0637 1784 PlugPlay - ok

11:10:54.0746 1784 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:10:54.0762 1784 PNRPAutoReg - ok

11:10:54.0793 1784 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:10:54.0809 1784 PNRPsvc - ok

11:10:54.0840 1784 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

11:10:54.0887 1784 PolicyAgent - ok

11:10:54.0933 1784 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:10:54.0965 1784 Power - ok

11:10:55.0074 1784 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

11:10:55.0105 1784 PptpMiniport - ok

11:10:55.0136 1784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:10:55.0152 1784 Processor - ok

11:10:55.0199 1784 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

11:10:55.0245 1784 ProfSvc - ok

11:10:55.0277 1784 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

11:10:55.0292 1784 ProtectedStorage - ok

11:10:55.0355 1784 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

11:10:55.0386 1784 Psched - ok

11:10:55.0526 1784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:10:55.0557 1784 ql2300 - ok

11:10:55.0573 1784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:10:55.0589 1784 ql40xx - ok

11:10:55.0635 1784 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:10:55.0651 1784 QWAVE - ok

11:10:55.0698 1784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:10:55.0729 1784 QWAVEdrv - ok

11:10:55.0745 1784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:10:55.0776 1784 RasAcd - ok

11:10:55.0901 1784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:10:55.0932 1784 RasAgileVpn - ok

11:10:55.0979 1784 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:10:56.0010 1784 RasAuto - ok

11:10:56.0072 1784 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:10:56.0103 1784 Rasl2tp - ok

11:10:56.0197 1784 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

11:10:56.0244 1784 RasMan - ok

11:10:56.0291 1784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:10:56.0322 1784 RasPppoe - ok

11:10:56.0415 1784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:10:56.0462 1784 RasSstp - ok

11:10:56.0478 1784 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

11:10:56.0509 1784 rdbss - ok

11:10:56.0540 1784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:10:56.0556 1784 rdpbus - ok

11:10:56.0571 1784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:10:56.0603 1784 RDPCDD - ok

11:10:56.0649 1784 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

11:10:56.0665 1784 RDPDR - ok

11:10:56.0696 1784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:10:56.0743 1784 RDPENCDD - ok

11:10:56.0805 1784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:10:56.0852 1784 RDPREFMP - ok

11:10:56.0883 1784 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

11:10:56.0915 1784 RDPWD - ok

11:10:56.0946 1784 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

11:10:56.0961 1784 rdyboost - ok

11:10:57.0055 1784 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:10:57.0102 1784 RemoteAccess - ok

11:10:57.0133 1784 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:10:57.0164 1784 RemoteRegistry - ok

11:10:57.0227 1784 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

11:10:57.0242 1784 RimVSerPort - ok

11:10:57.0289 1784 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

11:10:57.0336 1784 ROOTMODEM - ok

11:10:57.0383 1784 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:10:57.0414 1784 RpcEptMapper - ok

11:10:57.0461 1784 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:10:57.0476 1784 RpcLocator - ok

11:10:57.0507 1784 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

11:10:57.0554 1784 RpcSs - ok

11:10:57.0601 1784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:10:57.0648 1784 rspndr - ok

11:10:57.0710 1784 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

11:10:57.0726 1784 s3cap - ok

11:10:57.0757 1784 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

11:10:57.0773 1784 SamSs - ok

11:10:57.0819 1784 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

11:10:57.0835 1784 sbp2port - ok

11:10:57.0897 1784 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:10:57.0929 1784 SCardSvr - ok

11:10:58.0038 1784 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

11:10:58.0069 1784 scfilter - ok

11:10:58.0131 1784 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

11:10:58.0147 1784 Schedule - ok

11:10:58.0194 1784 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

11:10:58.0225 1784 SCPolicySvc - ok

11:10:58.0256 1784 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

11:10:58.0272 1784 SDRSVC - ok

11:10:58.0334 1784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:10:58.0365 1784 secdrv - ok

11:10:58.0397 1784 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

11:10:58.0443 1784 seclogon - ok

11:10:58.0475 1784 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:10:58.0506 1784 SENS - ok

11:10:58.0521 1784 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:10:58.0537 1784 SensrSvc - ok

11:10:58.0599 1784 Ser2rs (487fe5ca3b50cf31989298108f192a73) C:\Windows\system32\DRIVERS\ser2rs64.sys

11:10:58.0615 1784 Ser2rs - ok

11:10:58.0662 1784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:10:58.0677 1784 Serenum - ok

11:10:58.0709 1784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:10:58.0724 1784 Serial - ok

11:10:58.0740 1784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:10:58.0755 1784 sermouse - ok

11:10:58.0802 1784 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

11:10:58.0833 1784 SessionEnv - ok

11:10:58.0880 1784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

11:10:58.0896 1784 sffdisk - ok

11:10:58.0911 1784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

11:10:58.0927 1784 sffp_mmc - ok

11:10:58.0943 1784 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

11:10:58.0958 1784 sffp_sd - ok

11:10:59.0005 1784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:10:59.0021 1784 sfloppy - ok

11:10:59.0052 1784 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:10:59.0099 1784 SharedAccess - ok

11:10:59.0145 1784 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

11:10:59.0161 1784 ShellHWDetection - ok

11:10:59.0208 1784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:10:59.0223 1784 SiSRaid2 - ok

11:10:59.0239 1784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:10:59.0255 1784 SiSRaid4 - ok

11:10:59.0286 1784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:10:59.0317 1784 Smb - ok

11:10:59.0457 1784 SmcService (cb7a612fd3ce17a83584ec1ca7042801) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

11:10:59.0504 1784 SmcService - ok

11:10:59.0551 1784 SNAC (7baaa607b3d6b9f6180a3f1746bf1a6a) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE

11:10:59.0567 1784 SNAC - ok

11:10:59.0660 1784 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:10:59.0676 1784 SNMPTRAP - ok

11:10:59.0754 1784 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

11:10:59.0754 1784 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning

11:10:59.0754 1784 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)

11:10:59.0832 1784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:10:59.0847 1784 spldr - ok

11:10:59.0894 1784 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

11:10:59.0910 1784 Spooler - ok

11:11:00.0003 1784 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

11:11:00.0066 1784 sppsvc - ok

11:11:00.0081 1784 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:11:00.0113 1784 sppuinotify - ok

11:11:00.0175 1784 SRTSP (38d169348885454747a9b0b32d3b57f4) C:\Windows\system32\Drivers\SRTSP64.SYS

11:11:00.0206 1784 SRTSP - ok

11:11:00.0237 1784 SRTSPL (8321388d4af04003ac3c3f97f98317ea) C:\Windows\system32\Drivers\SRTSPL64.SYS

11:11:00.0269 1784 SRTSPL - ok

11:11:00.0300 1784 SRTSPX (7e91a1ae3053e876195bebfe0d4b938c) C:\Windows\system32\Drivers\SRTSPX64.SYS

11:11:00.0331 1784 SRTSPX - ok

11:11:00.0362 1784 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys

11:11:00.0393 1784 srv - ok

11:11:00.0409 1784 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys

11:11:00.0425 1784 srv2 - ok

11:11:00.0471 1784 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys

11:11:00.0487 1784 srvnet - ok

11:11:00.0549 1784 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:11:00.0596 1784 SSDPSRV - ok

11:11:00.0690 1784 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:11:00.0737 1784 SstpSvc - ok

11:11:00.0799 1784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:11:00.0815 1784 stexstor - ok

11:11:00.0861 1784 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

11:11:00.0893 1784 stisvc - ok

11:11:00.0955 1784 STOPzilla Local Service - ok

11:11:01.0033 1784 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

11:11:01.0049 1784 storflt - ok

11:11:01.0080 1784 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

11:11:01.0111 1784 StorSvc - ok

11:11:01.0173 1784 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

11:11:01.0189 1784 storvsc - ok

11:11:01.0283 1784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:11:01.0298 1784 swenum - ok

11:11:01.0345 1784 swmsflt (0f84a321e89d3d78233d77a5ca86bba6) C:\Windows\System32\drivers\swmsflt.sys

11:11:01.0361 1784 swmsflt - ok

11:11:01.0485 1784 SWNC8U80 (773a241e354daaecfd0e716462c9ba43) C:\Windows\system32\DRIVERS\swnc8u80.sys

11:11:01.0501 1784 SWNC8U80 - ok

11:11:01.0548 1784 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:11:01.0595 1784 swprv - ok

11:11:01.0688 1784 SWUMX80 (6149b0691beb390a0bda3a8e90787fd4) C:\Windows\system32\DRIVERS\swumx80.sys

11:11:01.0719 1784 SWUMX80 - ok

11:11:01.0829 1784 Symantec AntiVirus (dd10cb8aa990f89091bc267370fd0843) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

11:11:01.0875 1784 Symantec AntiVirus - ok

11:11:01.0969 1784 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

11:11:02.0000 1784 SymEvent - ok

11:11:02.0063 1784 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

11:11:02.0109 1784 SysMain - ok

11:11:02.0141 1784 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

11:11:02.0156 1784 TabletInputService - ok

11:11:02.0187 1784 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

11:11:02.0219 1784 TapiSrv - ok

11:11:02.0250 1784 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:11:02.0281 1784 TBS - ok

11:11:02.0359 1784 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

11:11:02.0406 1784 Tcpip - ok

11:11:02.0484 1784 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

11:11:02.0515 1784 TCPIP6 - ok

11:11:02.0546 1784 tcpipBM (7734bdcf76898452c8d83745da1b86fa) C:\Windows\system32\drivers\tcpipBM.sys

11:11:02.0577 1784 tcpipBM ( UnsignedFile.Multi.Generic ) - warning

11:11:02.0577 1784 tcpipBM - detected UnsignedFile.Multi.Generic (1)

11:11:02.0609 1784 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

11:11:02.0655 1784 tcpipreg - ok

11:11:02.0671 1784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:11:02.0718 1784 TDPIPE - ok

11:11:02.0749 1784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

11:11:02.0780 1784 TDTCP - ok

11:11:02.0811 1784 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

11:11:02.0843 1784 tdx - ok

11:11:02.0858 1784 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

11:11:02.0874 1784 TermDD - ok

11:11:02.0921 1784 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

11:11:02.0967 1784 TermService - ok

11:11:02.0983 1784 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:11:02.0999 1784 Themes - ok

11:11:03.0030 1784 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:11:03.0077 1784 THREADORDER - ok

11:11:03.0108 1784 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:11:03.0155 1784 TrkWks - ok

11:11:03.0217 1784 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

11:11:03.0233 1784 TrustedInstaller - ok

11:11:03.0295 1784 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:11:03.0326 1784 tssecsrv - ok

11:11:03.0404 1784 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

11:11:03.0435 1784 tunnel - ok

11:11:03.0467 1784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:11:03.0482 1784 uagp35 - ok

11:11:03.0513 1784 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

11:11:03.0545 1784 udfs - ok

11:11:03.0591 1784 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:11:03.0607 1784 UI0Detect - ok

11:11:03.0654 1784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

11:11:03.0669 1784 uliagpkx - ok

11:11:03.0701 1784 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

11:11:03.0716 1784 umbus - ok

11:11:03.0732 1784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:11:03.0747 1784 UmPass - ok

11:11:03.0779 1784 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll

11:11:03.0794 1784 UmRdpService - ok

11:11:03.0825 1784 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:11:03.0872 1784 upnphost - ok

11:11:03.0919 1784 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

11:11:03.0935 1784 USBAAPL64 - ok

11:11:03.0981 1784 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

11:11:03.0997 1784 usbccgp - ok

11:11:04.0028 1784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

11:11:04.0044 1784 usbcir - ok

11:11:04.0075 1784 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

11:11:04.0091 1784 usbehci - ok

11:11:04.0122 1784 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

11:11:04.0137 1784 usbhub - ok

11:11:04.0153 1784 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

11:11:04.0169 1784 usbohci - ok

11:11:04.0200 1784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:11:04.0215 1784 usbprint - ok

11:11:04.0247 1784 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:11:04.0262 1784 USBSTOR - ok

11:11:04.0278 1784 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

11:11:04.0293 1784 usbuhci - ok

11:11:04.0387 1784 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

11:11:04.0403 1784 usbvideo - ok

11:11:04.0449 1784 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:11:04.0481 1784 UxSms - ok

11:11:04.0527 1784 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

11:11:04.0543 1784 VaultSvc - ok

11:11:04.0652 1784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

11:11:04.0668 1784 vdrvroot - ok

11:11:04.0715 1784 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

11:11:04.0730 1784 vds - ok

11:11:04.0777 1784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:11:04.0808 1784 vga - ok

11:11:04.0824 1784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:11:04.0871 1784 VgaSave - ok

11:11:04.0902 1784 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

11:11:04.0917 1784 vhdmp - ok

11:11:04.0933 1784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

11:11:04.0949 1784 viaide - ok

11:11:04.0980 1784 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

11:11:04.0995 1784 vmbus - ok

11:11:05.0027 1784 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

11:11:05.0042 1784 VMBusHID - ok

11:11:05.0073 1784 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

11:11:05.0089 1784 volmgr - ok

11:11:05.0120 1784 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

11:11:05.0136 1784 volmgrx - ok

11:11:05.0167 1784 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

11:11:05.0183 1784 volsnap - ok

11:11:05.0198 1784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:11:05.0214 1784 vsmraid - ok

11:11:05.0276 1784 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

11:11:05.0323 1784 VSS - ok

11:11:05.0370 1784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:11:05.0385 1784 vwifibus - ok

11:11:05.0432 1784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:11:05.0448 1784 vwififlt - ok

11:11:05.0557 1784 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:11:05.0604 1784 W32Time - ok

11:11:05.0651 1784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:11:05.0666 1784 WacomPen - ok

11:11:05.0713 1784 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:11:05.0744 1784 WANARP - ok

11:11:05.0760 1784 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:11:05.0807 1784 Wanarpv6 - ok

11:11:05.0900 1784 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

11:11:05.0931 1784 wbengine - ok

11:11:05.0963 1784 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:11:05.0978 1784 WbioSrvc - ok

11:11:06.0025 1784 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

11:11:06.0041 1784 wcncsvc - ok

11:11:06.0072 1784 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:11:06.0087 1784 WcsPlugInService - ok

11:11:06.0119 1784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:11:06.0134 1784 Wd - ok

11:11:06.0165 1784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:11:06.0181 1784 Wdf01000 - ok

11:11:06.0228 1784 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:11:06.0243 1784 WdiServiceHost - ok

11:11:06.0259 1784 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:11:06.0306 1784 WdiSystemHost - ok

11:11:06.0337 1784 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

11:11:06.0353 1784 WebClient - ok

11:11:06.0384 1784 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:11:06.0431 1784 Wecsvc - ok

11:11:06.0462 1784 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:11:06.0493 1784 wercplsupport - ok

11:11:06.0540 1784 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:11:06.0571 1784 WerSvc - ok

11:11:06.0680 1784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:11:06.0711 1784 WfpLwf - ok

11:11:06.0743 1784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:11:06.0758 1784 WIMMount - ok

11:11:06.0821 1784 WinDefend - ok

11:11:06.0836 1784 WinHttpAutoProxySvc - ok

11:11:06.0945 1784 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:11:06.0992 1784 Winmgmt - ok

11:11:07.0070 1784 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

11:11:07.0133 1784 WinRM - ok

11:11:07.0257 1784 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

11:11:07.0273 1784 WinUsb - ok

11:11:07.0320 1784 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:11:07.0351 1784 Wlansvc - ok

11:11:07.0413 1784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:11:07.0413 1784 WmiAcpi - ok

11:11:07.0491 1784 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:11:07.0507 1784 wmiApSrv - ok

11:11:07.0538 1784 WMPNetworkSvc - ok

11:11:07.0632 1784 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:11:07.0647 1784 WPCSvc - ok

11:11:07.0663 1784 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

11:11:07.0679 1784 WPDBusEnum - ok

11:11:07.0725 1784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:11:07.0772 1784 ws2ifsl - ok

11:11:07.0866 1784 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll

11:11:07.0881 1784 wscsvc - ok

11:11:07.0881 1784 WSearch - ok

11:11:07.0959 1784 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

11:11:08.0037 1784 wuauserv - ok

11:11:08.0084 1784 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

11:11:08.0115 1784 WudfPf - ok

11:11:08.0147 1784 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:11:08.0178 1784 WUDFRd - ok

11:11:08.0256 1784 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

11:11:08.0287 1784 wudfsvc - ok

11:11:08.0318 1784 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:11:08.0349 1784 WwanSvc - ok

11:11:08.0459 1784 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys

11:11:08.0474 1784 yukonw7 - ok

11:11:08.0521 1784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:11:08.0661 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:11:08.0661 1784 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:11:08.0677 1784 Boot (0x1200) (662aa67fcc5d0fc65b4e9adc62f2bfa4) \Device\Harddisk0\DR0\Partition0

11:11:08.0677 1784 \Device\Harddisk0\DR0\Partition0 - ok

11:11:08.0693 1784 Boot (0x1200) (3f0bc95441fa6dd9f75b18afbe369bf5) \Device\Harddisk0\DR0\Partition1

11:11:08.0693 1784 \Device\Harddisk0\DR0\Partition1 - ok

11:11:08.0693 1784 ============================================================

11:11:08.0693 1784 Scan finished

11:11:08.0693 1784 ============================================================

11:11:08.0708 2976 Detected object count: 5

11:11:08.0708 2976 Actual detected object count: 5

11:11:13.0263 2976 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user

11:11:13.0263 2976 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:11:13.0404 2976 C:\Windows\system32\TcUsb.dll - copied to quarantine

11:11:13.0887 2976 HKLM\SYSTEM\ControlSet001\services\Cinemsup - will be deleted on reboot

11:11:14.0075 2976 C:\Windows\system32\TcUsb.dll - will be deleted on reboot

11:11:14.0075 2976 Cinemsup ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

11:11:14.0075 2976 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:11:14.0090 2976 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:11:14.0090 2976 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user

11:11:14.0090 2976 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:11:14.0090 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:11:14.0090 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:11:22.0967 0996 Deinitialize success

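The TDSSKiller output above is the kind of log a responder ends up triaging by hand: the scan phase prints one line per object with its MD5 and path, a separate verdict line when something is flagged, and a third set of lines (under a different PID) recording what the operator chose to do about each one. The block below is an added example written for this thread, not part of the original post and not a Malwarebytes or Kaspersky tool. It assumes only the three line shapes visible in the log above (scan line, verdict line, "User select action" / "skipped by user" line); the sample log is constructed from a subset of the lines posted here. It pairs each verdict with the hash and path it was scanned under, records the chosen action, and lists what was left unresolved, named families before generic unsigned-file heuristics.

```python
"""Triage a TDSSKiller log: pair verdicts with scanned files and chosen actions,
then list what was left unresolved.  Added example for this thread; it assumes
only the line formats visible in the posted log."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes handled ("- ok" and "- copied to quarantine" lines are ignored):
#   scan:    <time> <pid> <name> (<md5>) <path>
#   verdict: <time> <pid> <name> ( <verdict> ) - <outcome>
_TS = r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
SCAN_RE = re.compile(_TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_TS + r"(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<outcome>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")

# Verdicts that only say "no valid Authenticode signature", not a named family.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


@dataclass
class Detection:
    name: str
    verdict: str
    path: Optional[str] = None
    md5: Optional[str] = None
    action: Optional[str] = None  # Delete / Cure / Skip ...; None if no action line seen

    @property
    def heuristic(self) -> bool:
        return self.verdict in HEURISTIC_VERDICTS

    @property
    def resolved(self) -> bool:
        # "Skip" leaves the object in place, so it does not count as resolved.
        return self.action is not None and self.action.lower() != "skip"


def parse_tdsskiller_log(text: str) -> Dict[str, Detection]:
    """Return detections keyed by the object name used on the verdict line."""
    scanned: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path)
    by_path: Dict[str, str] = {}              # path -> md5 (MBR verdicts are keyed by device path)
    found: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SCAN_RE.match(line)
        if m:
            scanned[m["name"]] = (m["md5"], m["path"])
            by_path[m["path"]] = m["md5"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        name, outcome = m["name"], m["outcome"]
        det = found.get(name)
        if det is None:
            if name in scanned:
                md5, path = scanned[name]
            elif name in by_path:  # e.g. \Device\Harddisk0\DR0, scanned as "MBR (0x1B8)"
                md5, path = by_path[name], name
            else:
                md5, path = None, None
            det = Detection(name=name, verdict=m["verdict"], path=path, md5=md5)
            found[name] = det
        a = ACTION_RE.match(outcome)
        if a:
            det.action = a["action"]
        elif outcome == "skipped by user" and det.action is None:
            det.action = "Skip"
    return found


def unresolved(found: Dict[str, Detection]) -> List[Detection]:
    """Detections skipped or never acted on; named families sort before heuristics."""
    return sorted((d for d in found.values() if not d.resolved),
                  key=lambda d: (d.heuristic, d.name))


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
11:10:59.0754 1784 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
11:10:59.0754 1784 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:11:02.0546 1784 tcpipBM (7734bdcf76898452c8d83745da1b86fa) C:\Windows\system32\drivers\tcpipBM.sys
11:11:02.0577 1784 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:11:08.0521 1784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:11:08.0661 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:11:13.0263 2976 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
11:11:13.0404 2976 C:\Windows\system32\TcUsb.dll - copied to quarantine
11:11:14.0075 2976 Cinemsup ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
11:11:14.0090 2976 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:11:14.0090 2976 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:11:14.0090 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for d in unresolved(parse_tdsskiller_log(SAMPLE_LOG)):
        tag = "heuristic" if d.heuristic else "NAMED FAMILY"
        print(f"{tag:13} {d.verdict:28} {d.name}  md5={d.md5}  path={d.path}")
```

Run against the posted log, the first line of the report is the skipped "TDSS File System" verdict on \Device\Harddisk0\DR0, carrying the MBR hash from the scan line, while the ZeroAccess service (Cinemsup) shows as resolved because it was deleted. That skipped MBR-level verdict is the item a responder would want to revisit before treating the machine as clean; the three UnsignedFile.Multi.Generic entries are only "no signature" heuristics and need a look at the vendor and path rather than automatic removal.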

Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


MrC,

This is the content of the ComboFix.txt:

ComboFix 12-04-01.02 - ccaracciolo 04/02/2012 11:38:10.1.2 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1893 [GMT -4:00]

Running from: c:\users\ccaracciolo\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ccaracciolo\AppData\Local\.#

c:\users\ccaracciolo\AppData\Local\.#\MBX@680@901F90.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@680@901FA0.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@680@902090.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@680@9020B0.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC1F90.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC1FA0.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC2090.###

c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC20B0.###

c:\users\ccaracciolo\g2mdlhlpx.exe

c:\users\ccaracciolo\WINDOWS

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\users\delete\AppData\Local\temp

2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\users\ccaracciolo - Copy\AppData\Local\temp

2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-03-30 14:12 . 2012-03-30 14:12 -------- d-----w- c:\users\ccaracciolo\AppData\Roaming\STOPzilla!

2012-03-30 14:11 . 2012-03-30 14:43 -------- d-----w- c:\program files (x86)\STOPzilla!

2012-03-30 13:17 . 2012-03-30 13:17 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-03-29 21:24 . 2012-03-30 14:14 -------- d-----w- c:\program files\STOPzilla!

2012-03-29 19:35 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-03-29 19:01 . 2012-04-02 15:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-29 18:51 . 2012-04-02 15:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-29 17:57 . 2012-03-29 17:58 -------- d-----w- c:\program files\CCleaner

2012-03-29 15:10 . 2009-07-14 01:14 20480 ----a-w- c:\windows\backupsvchostbackup.exe

2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{A0E2C2E6-7918-11E1-826D-B8AC6F996F26}

2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{B0AADF8D-7847-11E1-826D-B8AC6F996F26}

2012-03-27 18:37 . 2012-03-27 18:37 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{ADE27D14-783A-11E1-826D-B8AC6F996F26}

2012-03-27 18:30 . 2012-03-27 18:30 -------- d-sh--w- c:\windows\SysWow64\config\systemprofile\IETldCache

2012-03-27 18:29 . 2012-03-27 18:29 -------- d-----w- c:\programdata\F4D55F3B000435DB03318318A6014588

2012-03-27 18:27 . 2012-03-27 18:27 99328 ----a-w- c:\windows\system32\compgMgr64.dll

2012-03-27 18:27 . 2012-03-27 18:27 88064 ----a-w- c:\windows\SysWow64\compgMgr.dll

2012-03-26 21:41 . 2012-03-26 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-03-23 18:43 . 2012-03-23 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-23 18:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 18:31 . 2012-03-30 13:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-23 18:31 . 2012-03-23 18:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-03-20 18:19 . 2012-03-20 18:19 -------- d-----w- c:\program files (x86)\Citrix

2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Apps

2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Deployment

2012-03-19 14:50 . 2012-03-19 14:50 -------- d-----w- c:\program files\iPod

2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files\iTunes

2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-04-02 115560]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

.

c:\users\ccaracciolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\users\ccaracciolo\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLogonScripts"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"= 1 (0x1)

"HideLogonScripts"= 1 (0x1)

"HideLogoffScripts"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logoff\0\0]

"Script"=logoff.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logon\0\0]

"Script"=logon.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]

R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files (x86)\STOPzilla!\SZNTSvc.exe [x]

R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-07-27 121416]

R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-07-27 125512]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]

R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys [x]

R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]

R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-16 136824]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - BMLoad

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"combofix"="c:\combofix\CF16437.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

STV680m

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: mswsock.dll

TCP: DhcpNameServer = 10.1.2.20 10.1.2.19

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\users\ccaracciolo\Application Data\Mozilla\Firefox\Profiles\8zycntl7.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-Run-4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS - c:\rbin\0A50B4EE035.exe

SafeBoot-27505487.sys

SafeBoot-33413689.sys

SafeBoot-34957894.sys

SafeBoot-69158801.sys

SafeBoot-84889259.sys

SafeBoot-92893762.sys

SafeBoot-Symantec Antvirus

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager]

"ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2012-04-02 11:53:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 15:53

.

Pre-Run: 169,758,654,464 bytes free

Post-Run: 169,748,287,488 bytes free

.

- - End Of File - - AA562119B65768A03010E962544E1A49


Please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL

Under the Custom Scans/Fixes

Copy and paste this in: netsvcs

Click the None button on top

Now click on the blue Run Scan button

Post the log it creates.

MrC


After following your instructions, this is the OTL log:

OTL logfile created on: 4/2/2012 12:27:09 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ccaracciolo\Desktop

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.02% Memory free

3.46 Gb Paging File | 2.34 Gb Available in Paging File | 67.62% Paging File free

Paging file location(s): c:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 212.88 Gb Total Space | 158.17 Gb Free Space | 74.30% Space Free | Partition Type: NTFS

Drive D: | 20.00 Gb Total Space | 11.67 Gb Free Space | 58.37% Space Free | Partition Type: NTFS

Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 7.62 Gb Total Space | 4.39 Gb Free Space | 57.62% Space Free | Partition Type: FAT32

Computer Name: CCARACCIOLO1 | User Name: ccaracciolo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs:64bit: STV680m - C:\Windows\SysNative\motmodem.dll (Oak Technology Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

< End of report >


Enable hidden files: (they may already be un-hidden)

http://www.bleepingc...s-in-windows-7/

Find each of these files and upload them to VirusTotal for a free scan, let me know the results > Just copy the URL back here for each one:

C:\Windows\SysNative\motmodem.dll <---------I'm almost certain this one is malware!!

C:\Windows\SysNative\appmgmts.dll

http://www.virustotal.com/

MrC

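As an added triage example (not code from this thread, from OTL or from ComboFix): a small Python helper that applies the two leads MrC draws from the logs above, a non-Microsoft DLL registered in the svchost netsvcs group and a service whose ImagePath points at a .bat under a profile directory, to OTL and ComboFix log lines. The sample lines are copied from this thread's logs plus one constructed benign service entry.

```python
"""Triage helper for OTL / ComboFix log lines (added example, not part of the
thread and not OTL's or ComboFix's own code).

Two persistence patterns from this thread are checked:
  1. an OTL 'NetSvcs' entry whose DLL does not carry a Microsoft company name
     (malware that joins the svchost.exe -k netsvcs group runs inside svchost,
     which is why the original poster saw svchost eating CPU);
  2. a ComboFix service key whose ImagePath is a script (.bat, .cmd, ...)
     stored under a user or system profile directory.
"""
import re

# OTL line format, e.g.
#   NetSvcs:64bit: STV680m - C:\Windows\SysNative\motmodem.dll (Oak Technology Inc.)
NETSVCS_RE = re.compile(
    r'^NetSvcs(?::64bit)?:\s*(?P<name>\S+)\s+-\s+(?P<path>.+?)\s+\((?P<vendor>[^)]*)\)\s*$')

# ComboFix prints a service key on one line and its ImagePath on the next, e.g.
#   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager]
#   "ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat"
SERVICE_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<name>[^\]]+)\]$', re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$', re.I)

SCRIPT_EXTS = ('.bat', '.cmd', '.vbs', '.js', '.ps1')
PROFILE_DIRS = ('\\appdata\\', '\\users\\', '\\systemprofile\\', '\\temp\\')

# Constructed sample: the two OTL NetSvcs lines and the ComboFix 'Device Manager'
# service from this thread, plus one benign (constructed) Spooler entry.
SAMPLE_LOG = [
    r'NetSvcs:64bit: STV680m - C:\Windows\SysNative\motmodem.dll (Oak Technology Inc.)',
    r'NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager]',
    r'"ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat"',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]',
    r'"ImagePath"="%SystemRoot%\System32\spoolsv.exe"',
]


def parse_netsvcs(lines):
    """Return a dict per OTL NetSvcs line: name, path, vendor."""
    return [m.groupdict() for m in (NETSVCS_RE.match(l.strip()) for l in lines) if m]


def parse_services(lines):
    """Pair each ComboFix service key with the ImagePath line that follows it."""
    services, current = [], None
    for line in lines:
        line = line.strip()
        key = SERVICE_KEY_RE.match(line)
        if key:
            current = key.group('name')
            continue
        img = IMAGEPATH_RE.match(line)
        if img and current:
            services.append({'name': current, 'path': img.group('path')})
            current = None
    return services


def netsvcs_findings(entries):
    """Flag netsvcs members whose DLL is not labelled as a Microsoft file."""
    out = []
    for e in entries:
        if e['vendor'].strip().lower() != 'microsoft corporation':
            out.append((e['name'],
                        f"netsvcs group loads {e['path']} labelled '{e['vendor']}', "
                        "not a Microsoft file; verify the file (e.g. VirusTotal)"))
    return out


def service_findings(services):
    """Flag services that start a script stored under a profile directory."""
    out = []
    for s in services:
        p = s['path'].lower()
        if p.endswith(SCRIPT_EXTS) and any(d in p for d in PROFILE_DIRS):
            out.append((s['name'], f"service ImagePath is a script in a profile dir: {s['path']}"))
    return out


def triage(lines):
    """Return [(service_name, reason), ...] for every suspicious entry in the log lines."""
    return netsvcs_findings(parse_netsvcs(lines)) + service_findings(parse_services(lines))


if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG):
        print(f'{name}: {reason}')
```

The company name comes from the file's own version resource, which malware can set to anything, so a hit here is a lead to confirm with a VirusTotal lookup as the post says, not a verdict, and a Microsoft label is not proof of a clean file.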

OK, please do this using ComboFix:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Rootkit::

C:\Windows\SysNative\motmodem.dll

Driver::

STV680m

NetSvc::

STV680m

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Done. This is the ComboFix log:

ComboFix 12-04-01.02 - ccaracciolo 04/02/2012 14:25:38.2.2 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1706 [GMT -4:00]

Running from: c:\users\ccaracciolo\Desktop\ComboFix.exe

Command switches used :: c:\users\ccaracciolo\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ccaracciolo\Desktop\.lnk

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\dds_trash_log.cmd

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_STV680m

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\delete\AppData\Local\temp

2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\ccaracciolo - Copy\AppData\Local\temp

2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\administrator\AppData\Local\temp

2012-03-30 14:12 . 2012-03-30 14:12 -------- d-----w- c:\users\ccaracciolo\AppData\Roaming\STOPzilla!

2012-03-30 14:11 . 2012-03-30 14:43 -------- d-----w- c:\program files (x86)\STOPzilla!

2012-03-30 13:17 . 2012-03-30 13:17 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-03-29 21:24 . 2012-03-30 14:14 -------- d-----w- c:\program files\STOPzilla!

2012-03-29 19:35 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-03-29 19:01 . 2012-04-02 15:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-29 17:57 . 2012-03-29 17:58 -------- d-----w- c:\program files\CCleaner

2012-03-29 15:10 . 2009-07-14 01:14 20480 ----a-w- c:\windows\backupsvchostbackup.exe

2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{A0E2C2E6-7918-11E1-826D-B8AC6F996F26}

2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{B0AADF8D-7847-11E1-826D-B8AC6F996F26}

2012-03-27 18:37 . 2012-03-27 18:37 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{ADE27D14-783A-11E1-826D-B8AC6F996F26}

2012-03-27 18:30 . 2012-03-27 18:30 -------- d-sh--w- c:\windows\SysWow64\config\systemprofile\IETldCache

2012-03-27 18:29 . 2012-03-27 18:29 -------- d-----w- c:\programdata\F4D55F3B000435DB03318318A6014588

2012-03-27 18:27 . 2012-03-27 18:27 99328 ----a-w- c:\windows\system32\compgMgr64.dll

2012-03-27 18:27 . 2012-03-27 18:27 88064 ----a-w- c:\windows\SysWow64\compgMgr.dll

2012-03-26 21:41 . 2012-03-26 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-03-23 18:43 . 2012-03-23 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-23 18:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 18:31 . 2012-03-30 13:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-23 18:31 . 2012-03-23 18:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-03-20 18:19 . 2012-03-20 18:19 -------- d-----w- c:\program files (x86)\Citrix

2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Apps

2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Deployment

2012-03-19 14:50 . 2012-03-19 14:50 -------- d-----w- c:\program files\iPod

2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files\iTunes

2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.48.24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-04-02 15:49 33274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-24 14:06 . 2012-04-02 15:49 16840 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1085031214-796845957-725345543-2611_UserData.bin

- 2011-05-23 13:44 . 2012-04-02 15:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-23 13:44 . 2012-04-02 18:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-23 13:44 . 2012-04-02 18:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-23 13:44 . 2012-04-02 15:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-02 18:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-02 15:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-04-02 18:32 . 2012-04-02 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-02 15:47 . 2012-04-02 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-02 15:47 . 2012-04-02 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-02 18:32 . 2012-04-02 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2012-04-02 15:52 627082 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-02 15:39 627082 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-02 15:39 107366 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-02 15:52 107366 c:\windows\system32\perfc009.dat

- 2009-07-14 05:12 . 2012-04-02 15:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-04-02 16:51 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-04-02 18:31 395260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-02 15:46 395260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-03-29 19:40 . 2012-04-02 18:31 396028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1085031214-796845957-725345543-2611-8192.dat

- 2012-03-29 19:40 . 2012-04-02 14:44 396028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1085031214-796845957-725345543-2611-8192.dat

+ 2012-04-02 18:34 . 2012-04-02 18:34 1522160 c:\windows\temp\CR_1C4A0.tmp\setup.exe

- 2009-07-14 02:34 . 2012-03-30 15:00 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2012-04-02 16:53 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-04-02 115560]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

.

c:\users\ccaracciolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\users\ccaracciolo\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLogonScripts"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"= 1 (0x1)

"HideLogonScripts"= 1 (0x1)

"HideLogoffScripts"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logoff\0\0]

"Script"=logoff.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logon\0\0]

"Script"=logon.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]

R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files (x86)\STOPzilla!\SZNTSvc.exe [x]

R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-07-27 121416]

R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-07-27 125512]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]

R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys [x]

R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]

R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-16 136824]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - BMLoad

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"combofix"="c:\combofix\CF16690.3XE" [2009-07-14 344576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

STV680m

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.1.2.20 10.1.2.19

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\users\ccaracciolo\Application Data\Mozilla\Firefox\Profiles\8zycntl7.default\

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager]

"ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe

.

**************************************************************************

.

Completion time: 2012-04-02 14:39:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 18:39

ComboFix2.txt 2012-04-02 15:53

.

Pre-Run: 169,817,030,656 bytes free

Post-Run: 169,709,436,928 bytes free

.

- - End Of File - - 6423E9D32E4060F6CD8F81170D4E3E3F


Run OTL again as before.....

Under the Custom Scans/Fixes

Copy and paste this in: netsvcs

Click the None button on top

Now click on the blue Run Scan button

Post the log it creates.

----------------------

Update and run a Quick scan with MBAM, post the log.

Let me know how the computer is now, MrC


This is the OTL log:

OTL logfile created on: 4/2/2012 3:09:08 PM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ccaracciolo\Desktop

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 51.89% Memory free

3.46 Gb Paging File | 2.09 Gb Available in Paging File | 60.53% Paging File free

Paging file location(s): c:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 212.88 Gb Total Space | 158.14 Gb Free Space | 74.28% Space Free | Partition Type: NTFS

Drive D: | 20.00 Gb Total Space | 11.67 Gb Free Space | 58.37% Space Free | Partition Type: NTFS

Computer Name: CCARACCIOLO1 | User Name: ccaracciolo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

< End of report >

and this is the MWare log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.02.08

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

ccaracciolo :: CCARACCIOLO1 [administrator]

4/2/2012 3:10:50 PM

mbam-log-2012-04-02 (15-10-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 283483

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The computer seems to be fine now, it displays Google results as expected, no random ads so far and it is a lot faster than it was. Should I consider it clean?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
