
The same 4 viruses won't go away. Please help.



I hope I do this right. Every time I run a scan, the same viruses pop up. Here are the logs.

---------------------------------------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.09

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Backup :: OWNER-PC [limited]

8/12/2012 8:38:58 PM

mbam-log-2012-08-12 (20-38-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 151086

Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

-------------------------------------------------------------------------------

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Owner at 20:27:17 on 2012-08-12

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1518 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

-netsvcs

C:\windows\system32\conhost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe

C:\windows\system32\LogonUI.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\windows\system32\igfxext.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingApp.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingBar.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Registry Mechanic\RegMech.exe

"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.bing.com/?PC=BNHP

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

uSearch Bar =

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"

TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{8C08AD2A-B1E6-4327-A212-4B91B191526C} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{8C08AD2A-B1E6-4327-A212-4B91B191526C}\37163717571647368677966696 : DhcpNameServer = 192.168.2.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"

TB-X64: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111122.030\IDSviA64.sys [2011-11-23 488568]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-28 632792]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-22 2320920]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-22 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-1 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-1 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-13 00:41:46 20480 ----a-w- C:\windows\svchost.exe

2012-08-11 19:15:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2012-08-11 19:13:55 -------- d-----w- C:\Program Files\CCleaner

2012-08-11 19:07:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-08-11 19:07:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-08-11 19:07:43 -------- d-----w- C:\ProgramData\SUPERSetup

2012-08-11 01:06:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\Registry Mechanic

2012-08-10 18:20:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\Tific

2012-08-10 18:20:54 -------- d-----w- C:\Users\Owner\AppData\Local\Symantec

2012-08-10 17:44:43 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-08-10 17:30:09 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC2B44CB-85A8-4FCC-845A-494F60445E18}\mpengine.dll

2012-07-31 03:58:03 -------- d-----w- C:\ProgramData\InstallMate

2012-07-25 19:48:53 -------- d-----w- C:\ProgramData\Graboid Inc

2012-07-25 19:48:52 -------- d-----w- C:\Users\Owner\AppData\Local\Geckofx

2012-07-25 19:48:14 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-07-25 19:48:02 -------- d-----w- C:\Program Files (x86)\Graboid

2012-07-18 18:59:00 172032 ----a-w- C:\windows\SysWow64\AniGIF.ocx

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-12 03:02:52 3147264 ----a-w- C:\windows\System32\win32k.sys

2012-06-06 05:50:50 2003968 ----a-w- C:\windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 05:38:26 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2012-05-31 17:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-05-15 03:56:59 1197568 ----a-w- C:\windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\windows\SysWow64\wininet.dll

.

============= FINISH: 20:28:13.33 ===============

-------------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/22/2011 9:00:37 AM

System Uptime: 8/12/2012 7:40:57 PM (1 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU | 917/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 242.772 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP100: 7/10/2012 10:21:38 AM - Windows Update

RP101: 7/12/2012 11:02:09 AM - Windows Update

RP102: 7/17/2012 10:40:43 AM - Windows Update

RP103: 7/20/2012 11:24:18 AM - Windows Update

RP104: 7/24/2012 11:35:51 AM - Windows Update

RP105: 7/27/2012 12:17:24 PM - Windows Update

RP106: 7/31/2012 11:08:29 AM - Windows Update

RP107: 8/7/2012 10:49:32 AM - Windows Update

RP108: 8/10/2012 12:29:24 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 10 Plugin

Adobe Reader 9.3

Adobe Shockwave Player 11.6

Best Buy pc app

Bing Bar

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java™ 6 Update 17

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

Norton Internet Security

PokerStars.net

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Registry Mechanic 10.0

Respondus LockDown Browser

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

swMSM

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 1:10:27 PM, Error: Schannel [36887] - The following fatal alert was received: 47.

8/12/2012 8:51:02 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

8/12/2012 8:50:59 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/12/2012 8:50:59 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/12/2012 8:14:32 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/12/2012 8:14:32 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/12/2012 7:40:49 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the BFE service which failed to start because of the following error: Access is denied.

8/12/2012 7:40:49 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.

8/12/2012 7:40:49 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.

8/12/2012 7:40:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/12/2012 7:37:14 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/12/2012 7:37:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/12/2012 7:37:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/12/2012 7:37:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/12/2012 7:37:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/12/2012 7:37:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/12/2012 7:37:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/12/2012 7:36:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

8/12/2012 7:36:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/12/2012 7:36:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/12/2012 7:36:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/12/2012 7:36:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/11/2012 8:09:45 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Owner-PC\Owner SID (S-1-5-21-3254824216-408528554-2225864293-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/11/2012 2:39:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

8/11/2012 11:53:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab5117, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 081112-23743-01.

8/11/2012 11:18:15 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/11/2012 11:18:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

.

==== End Of File ===========================

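Most of the Service Control Manager entries in the log above are knock-on failures: one service could not start, and everything that depends on it then logged event 7001 with "The dependency service or group failed to start." The script below is an added example, not part of the thread or of DDS: it walks each 7001 chain back to the service that reported a real error, and pulls out the 7026 list of boot-start drivers that did not load. Its input, SAMPLE_LOG, is a constructed excerpt that copies the shape of the lines above; on the full log the same code separates the "Access is denied." failure on BFE from the cascade behind the Workstation, DNS Client and DHCP Client services.

```python
"""Walk Service Control Manager (SCM) failure chains in a DDS-style log.

Added example for this thread; it is not part of DDS or of the page. Most
7001 events are knock-on failures ("The dependency service or group failed
to start."), so the script follows each chain back to the service that
reported a real error. SAMPLE_LOG is a constructed excerpt that copies the
shape of the lines in the thread.
"""
import re

CASCADE = "The dependency service or group failed to start."

# Event 7001: <svc> could not start because <dep> failed with <err>.
RE_7001 = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$")
# Event 7000: <svc> itself failed to start with <err>.
RE_7000 = re.compile(
    r"\[7000\] - The (?P<svc>.+?) service failed to start due to the "
    r"following error: (?P<err>.+)$")
# Event 7026: boot-start / system-start drivers that did not load.
RE_7026 = re.compile(r"\[7026\] - .*failed to load: (?P<drivers>.+)$")

SAMPLE_LOG = """\
8/12/2012 7:40:49 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the BFE service which failed to start because of the following error: Access is denied.
8/12/2012 7:40:49 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
8/12/2012 7:36:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC nsiproxy tdx
8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2012 7:36:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""


def parse_scm(log):
    """Return (errors, deps, drivers) for the SCM events in `log`.

    errors:  display name -> error text reported for that service
    deps:    display name -> the dependency it was waiting on
    drivers: boot-start drivers SCM reported as failed to load
    """
    errors, deps, drivers = {}, {}, []
    for line in log.splitlines():
        m = RE_7001.search(line)
        if m:
            errors[m["svc"]] = CASCADE                 # only cascaded
            errors.setdefault(m["dep"], m["err"])      # the dependency's error
            deps[m["svc"]] = m["dep"]
            continue
        m = RE_7000.search(line)
        if m:
            errors[m["svc"]] = m["err"]
            continue
        m = RE_7026.search(line)
        if m:
            drivers.extend(m["drivers"].split())
    return errors, deps, drivers


def root_cause(name, errors, deps):
    """Follow `name` down its dependency chain to the first real error."""
    seen = set()
    while errors.get(name) == CASCADE and name in deps and name not in seen:
        seen.add(name)
        name = deps[name]
    err = errors.get(name, "not in log")
    if err == CASCADE:
        err = "cascade; its own dependency is not in the log"
    return name, err


def triage(log):
    """Summarise the log: distinct root causes, permission failures, drivers."""
    errors, deps, drivers = parse_scm(log)
    roots = {root_cause(svc, errors, deps) for svc in errors}
    # "Access is denied." on a service such as BFE is a permissions problem on
    # the service itself (its registry key or binary), not a missing
    # dependency, so it gets its own line in the summary.
    denied = sorted(n for n, e in roots if e == "Access is denied.")
    return {"roots": sorted(roots), "access_denied": denied, "drivers": drivers}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The dependency walk stops at the first service whose error is something other than the cascade text, so a chain whose last link is missing from the log is reported as such instead of being mistaken for a root cause.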

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 08/12/2012 21:00:10

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] HKUS\S-1-5-21-3254824216-408528554-2225864293-1001[...]\Run : Best Buy pc app (C:\Users\Backup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND

[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-16ZEST0 +++++

--- User ---

[MBR] 1521bfff4e246c8a972c3e0d760039fc

[BSP] 49a68ccf72150b951d4683ca5a6f3ab1 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293177 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603500544 | Size: 10567 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] fce9e36783da56a844a9967ac6cbca20

[BSP] 49a68ccf72150b951d4683ca5a6f3ab1 : Windows Vista MBR Code

Partition table:

1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293177 Mo

3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603500544 | Size: 10567 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] fce9e36783da56a844a9967ac6cbca20

[BSP] 49a68ccf72150b951d4683ca5a6f3ab1 : Windows Vista MBR Code

Partition table:

1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293177 Mo

3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603500544 | Size: 10567 Mo

Finished : << RKreport[1].txt >>


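The RogueKiller report above names its findings, but a practitioner triaging a machine usually wants to re-derive them from a plain path list or from another tool's output, and to understand what the "User != LL1 ... KO!" lines mean. The script below is an added example, not part of the thread or of RogueKiller. It encodes only what the logs in this thread show: the @ file and U and L folders under C:\Windows\Installer\{GUID}, a desktop.ini under the gac_32 or gac_64 folders, a running svchost.exe that is not the System32 copy, a system binary reported with ASLR wiped off, and an MBR whose user-mode read differs from the low-level reads. Assumptions, also marked in the code: SystemRoot is C:\Windows, so \\.\globalroot\systemroot\svchost.exe is the same C:\Windows\svchost.exe that Malwarebytes listed; and svchost.exe is treated as expected only under System32 or SysWOW64, so component-store copies under WinSxS would also be flagged and need whitelisting. SAMPLE_REPORT is a constructed excerpt that keeps the line shapes from the report above.

```python
r"""Flag the ZeroAccess indicators from this thread's RogueKiller report.

Added example; it is not part of the thread or of RogueKiller. It re-derives
the findings from the paths alone and cross-checks the MBR hashes, so the
same rules can be run over any RogueKiller-style text. Assumptions:
SystemRoot is C:\Windows (so \\.\globalroot\systemroot\svchost.exe is the
C:\Windows\svchost.exe that Malwarebytes reported), and svchost.exe is
expected only under System32 or SysWOW64.
"""
import re

# Constructed excerpt, modelled on the report lines in the thread.
SAMPLE_REPORT = r"""
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[ZeroAccess][FILE] @ : c:\windows\installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3aec2f9c-8275-0748-8a4e-02491e8f24f1}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
--- User ---
[MBR] 1521bfff4e246c8a972c3e0d760039fc
--- LL1 ---
[MBR] fce9e36783da56a844a9967ac6cbca20
--- LL2 ---
[MBR] fce9e36783da56a844a9967ac6cbca20
"""

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
RE_INSTALLER_STORE = re.compile(r"\\windows\\installer\\" + GUID + r"\\(?:@|u|l)$")
RE_GAC_DESKTOP_INI = re.compile(r"\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$")
# Assumption: the only expected svchost.exe locations (WinSxS copies not listed).
LEGIT_SVCHOST = {r"c:\windows\system32\svchost.exe", r"c:\windows\syswow64\svchost.exe"}

RE_PATH = re.compile(r"(\\\\\.\\\S+|[a-zA-Z]:\\\S+)")   # kernel-style or drive path
RE_READER = re.compile(r"^--- (\w+) ---$")               # User / LL1 / LL2 sections
RE_MBR = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")


def normalize(path):
    """Lower-case and map the globalroot form onto the drive path.
    Assumption: SystemRoot is C:\\Windows, as the logs in this thread show."""
    return path.lower().replace(r"\\.\globalroot\systemroot", r"c:\windows")


def classify_path(path):
    """Return an indicator name for `path`, or None if it looks ordinary."""
    p = normalize(path)
    if RE_INSTALLER_STORE.search(p):
        return "zeroaccess_installer_store"   # the @ file and the U / L folders
    if RE_GAC_DESKTOP_INI.search(p):
        return "zeroaccess_gac_desktop_ini"
    if p.endswith(r"\svchost.exe") and p not in LEGIT_SVCHOST:
        return "svchost_outside_system32"
    return None


def parse_report(text):
    """Return (findings, mbr): (indicator, path) pairs and MBR hash per reader."""
    findings, mbr, reader = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = RE_READER.match(line)
        if m:
            reader = m.group(1)
            continue
        m = RE_MBR.match(line)
        if m and reader:
            mbr[reader] = m.group(1)
            continue
        m = RE_PATH.search(line)
        if not m:
            continue
        path = m.group(1)
        kind = "aslr_stripped" if "[ASLR WIPED-OFF]" in line else classify_path(path)
        if kind:
            findings.append((kind, path))
    return findings, mbr


def mbr_verdict(mbr):
    """Compare sector 0 as seen through each read path.

    RogueKiller hashes the MBR read from user mode and through two lower-level
    paths. When only the user-mode copy differs, something in the I/O path is
    handing ordinary readers a different sector than the one the low-level
    reads return; that is the "User != LL1 ... KO!" condition in the thread.
    """
    if len(set(mbr.values())) <= 1:
        return "consistent"
    user = mbr.get("User")
    low = {v for k, v in mbr.items() if k != "User"}
    if user is not None and len(low) == 1 and user not in low:
        return "user_read_filtered"
    return "inconsistent"


if __name__ == "__main__":
    findings, mbr = parse_report(SAMPLE_REPORT)
    for kind, path in findings:
        print(f"{kind:28} {path}")
    print("MBR:", mbr_verdict(mbr))
```

Note that a {GUID} folder under C:\Windows\Installer is normal (Windows Installer keeps icons and cached resources there); the rule only fires on the @, U and L entries inside it, which is what the report above flags.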

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Do this instead.........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


09:59:42.0376 1544 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

09:59:42.0938 1544 ============================================================

09:59:42.0938 1544 Current date / time: 2012/08/13 09:59:42.0938

09:59:42.0938 1544 SystemInfo:

09:59:42.0938 1544

09:59:42.0938 1544 OS Version: 6.1.7600 ServicePack: 0.0

09:59:42.0938 1544 Product type: Workstation

09:59:42.0938 1544 ComputerName: OWNER-PC

09:59:42.0938 1544 UserName: Owner

09:59:42.0938 1544 Windows directory: C:\windows

09:59:42.0938 1544 System windows directory: C:\windows

09:59:42.0938 1544 Running under WOW64

09:59:42.0938 1544 Processor architecture: Intel x64

09:59:42.0938 1544 Number of processors: 2

09:59:42.0938 1544 Page size: 0x1000

09:59:42.0938 1544 Boot type: Normal boot

09:59:42.0938 1544 ============================================================

09:59:43.0484 1544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:59:43.0484 1544 ============================================================

09:59:43.0484 1544 \Device\Harddisk0\DR0:

09:59:43.0484 1544 MBR partitions:

09:59:43.0484 1544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C9C800

09:59:43.0484 1544 ============================================================

09:59:43.0500 1544 C: <-> \Device\Harddisk0\DR0\Partition0

09:59:43.0500 1544 ============================================================

09:59:43.0500 1544 Initialize success

09:59:43.0500 1544 ============================================================

10:00:00.0379 3000 ============================================================

10:00:00.0379 3000 Scan started

10:00:00.0379 3000 Mode: Manual; SigCheck; TDLFS;

10:00:00.0379 3000 ============================================================

10:00:01.0518 3000 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys

10:00:01.0611 3000 1394ohci - ok

10:00:01.0674 3000 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys

10:00:01.0689 3000 ACPI - ok

10:00:01.0705 3000 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys

10:00:01.0736 3000 AcpiPmi - ok

10:00:01.0798 3000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

10:00:01.0845 3000 adp94xx - ok

10:00:01.0939 3000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

10:00:01.0970 3000 adpahci - ok

10:00:02.0001 3000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

10:00:02.0017 3000 adpu320 - ok

10:00:02.0032 3000 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

10:00:02.0126 3000 AeLookupSvc - ok

10:00:02.0266 3000 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys

10:00:02.0313 3000 AFD - ok

10:00:02.0360 3000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys

10:00:02.0376 3000 agp440 - ok

10:00:02.0407 3000 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

10:00:02.0454 3000 ALG - ok

10:00:02.0485 3000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys

10:00:02.0500 3000 aliide - ok

10:00:02.0516 3000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys

10:00:02.0532 3000 amdide - ok

10:00:02.0563 3000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

10:00:02.0610 3000 AmdK8 - ok

10:00:02.0610 3000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

10:00:02.0641 3000 AmdPPM - ok

10:00:02.0719 3000 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys

10:00:02.0734 3000 amdsata - ok

10:00:02.0766 3000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

10:00:02.0797 3000 amdsbs - ok

10:00:02.0828 3000 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys

10:00:02.0828 3000 amdxata - ok

10:00:02.0922 3000 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys

10:00:02.0953 3000 AppID - ok

10:00:02.0984 3000 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

10:00:03.0046 3000 AppIDSvc - ok

10:00:03.0109 3000 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll

10:00:03.0187 3000 Appinfo - ok

10:00:03.0249 3000 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

10:00:03.0265 3000 arc - ok

10:00:03.0280 3000 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

10:00:03.0296 3000 arcsas - ok

10:00:03.0327 3000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

10:00:03.0405 3000 AsyncMac - ok

10:00:03.0468 3000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys

10:00:03.0483 3000 atapi - ok

10:00:03.0592 3000 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll

10:00:03.0717 3000 AudioEndpointBuilder - ok

10:00:03.0717 3000 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll

10:00:03.0780 3000 AudioSrv - ok

10:00:03.0826 3000 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll

10:00:03.0889 3000 AxInstSV - ok

10:00:03.0998 3000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

10:00:04.0076 3000 b06bdrv - ok

10:00:04.0154 3000 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

10:00:04.0201 3000 b57nd60a - ok

10:00:04.0372 3000 BBSvc (37bfed63841e56f465e1a0cd32f1bcc9) C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe

10:00:04.0404 3000 BBSvc - ok

10:00:04.0450 3000 BBUpdate (b47230df549e171449b5d25cfcee9f57) C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe

10:00:04.0466 3000 BBUpdate - ok

10:00:04.0513 3000 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

10:00:04.0544 3000 BDESVC - ok

10:00:04.0575 3000 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

10:00:04.0638 3000 Beep - ok

10:00:04.0762 3000 BFE (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll

10:00:04.0825 3000 BFE - ok

10:00:05.0137 3000 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002\BHDrvx64.sys

10:00:08.0085 3000 BHDrvx64 - ok

10:00:08.0288 3000 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll

10:00:08.0397 3000 BITS - ok

10:00:08.0413 3000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

10:00:08.0428 3000 blbdrive - ok

10:00:08.0460 3000 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys

10:00:08.0491 3000 bowser - ok

10:00:08.0522 3000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

10:00:08.0553 3000 BrFiltLo - ok

10:00:08.0584 3000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

10:00:08.0631 3000 BrFiltUp - ok

10:00:08.0694 3000 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll

10:00:08.0772 3000 Browser - ok

10:00:08.0834 3000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

10:00:08.0896 3000 Brserid - ok

10:00:08.0928 3000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

10:00:08.0959 3000 BrSerWdm - ok

10:00:08.0974 3000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

10:00:09.0006 3000 BrUsbMdm - ok

10:00:09.0021 3000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

10:00:09.0037 3000 BrUsbSer - ok

10:00:09.0068 3000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

10:00:09.0084 3000 BTHMODEM - ok

10:00:09.0162 3000 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

10:00:09.0208 3000 bthserv - ok

10:00:09.0255 3000 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

10:00:09.0318 3000 cdfs - ok

10:00:09.0349 3000 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys

10:00:09.0364 3000 cdrom - ok

10:00:09.0396 3000 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll

10:00:09.0458 3000 CertPropSvc - ok

10:00:09.0474 3000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

10:00:09.0489 3000 circlass - ok

10:00:09.0536 3000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

10:00:09.0552 3000 CLFS - ok

10:00:09.0630 3000 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:00:09.0645 3000 clr_optimization_v2.0.50727_32 - ok

10:00:09.0692 3000 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:00:09.0708 3000 clr_optimization_v2.0.50727_64 - ok

10:00:09.0801 3000 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:00:09.0817 3000 clr_optimization_v4.0.30319_32 - ok

10:00:09.0895 3000 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:00:09.0895 3000 clr_optimization_v4.0.30319_64 - ok

10:00:09.0910 3000 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

10:00:09.0926 3000 CmBatt - ok

10:00:09.0942 3000 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys

10:00:09.0957 3000 cmdide - ok

10:00:10.0020 3000 CNG (ca7720b73446fddec5c69519c1174c98) C:\windows\system32\Drivers\cng.sys

10:00:10.0051 3000 CNG - ok

10:00:10.0144 3000 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys

10:00:10.0160 3000 CnxtHdAudService - ok

10:00:10.0207 3000 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

10:00:10.0222 3000 Compbatt - ok

10:00:10.0238 3000 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys

10:00:10.0269 3000 CompositeBus - ok

10:00:10.0285 3000 COMSysApp - ok

10:00:10.0316 3000 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

10:00:10.0332 3000 crcdisk - ok

10:00:10.0394 3000 CryptSvc (f02786b66375292e58c8777082d4396d) C:\windows\system32\cryptsvc.dll

10:00:10.0425 3000 CryptSvc - ok

10:00:10.0488 3000 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll

10:00:10.0566 3000 DcomLaunch - ok

10:00:10.0612 3000 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

10:00:10.0690 3000 defragsvc - ok

10:00:10.0737 3000 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys

10:00:10.0768 3000 DfsC - ok

10:00:10.0815 3000 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll

10:00:10.0862 3000 Dhcp - ok

10:00:10.0878 3000 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

10:00:10.0924 3000 discache - ok

10:00:10.0971 3000 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

10:00:10.0987 3000 Disk - ok

10:00:11.0034 3000 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll

10:00:11.0065 3000 Dnscache - ok

10:00:11.0112 3000 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll

10:00:11.0174 3000 dot3svc - ok

10:00:11.0190 3000 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll

10:00:11.0236 3000 DPS - ok

10:00:11.0268 3000 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

10:00:11.0299 3000 drmkaud - ok

10:00:11.0392 3000 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys

10:00:11.0424 3000 DXGKrnl - ok

10:00:11.0455 3000 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

10:00:11.0486 3000 EapHost - ok

10:00:11.0720 3000 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

10:00:11.0860 3000 ebdrv - ok

10:00:11.0985 3000 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

10:00:12.0001 3000 eeCtrl - ok

10:00:12.0141 3000 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe

10:00:12.0157 3000 EFS - ok

10:00:12.0235 3000 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe

10:00:12.0282 3000 ehRecvr - ok

10:00:12.0328 3000 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

10:00:12.0344 3000 ehSched - ok

10:00:12.0422 3000 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

10:00:12.0453 3000 elxstor - ok

10:00:12.0500 3000 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

10:00:12.0516 3000 EraserUtilRebootDrv - ok

10:00:12.0531 3000 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys

10:00:12.0562 3000 ErrDev - ok

10:00:12.0625 3000 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

10:00:12.0703 3000 EventSystem - ok

10:00:12.0750 3000 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

10:00:12.0828 3000 exfat - ok

10:00:12.0874 3000 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

10:00:12.0952 3000 fastfat - ok

10:00:13.0062 3000 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe

10:00:13.0155 3000 Fax - ok

10:00:13.0186 3000 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

10:00:13.0202 3000 fdc - ok

10:00:13.0233 3000 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

10:00:13.0296 3000 fdPHost - ok

10:00:13.0342 3000 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

10:00:13.0389 3000 FDResPub - ok

10:00:13.0420 3000 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

10:00:13.0436 3000 FileInfo - ok

10:00:13.0452 3000 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

10:00:13.0514 3000 Filetrace - ok

10:00:13.0545 3000 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

10:00:13.0545 3000 flpydisk - ok

10:00:13.0592 3000 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys

10:00:13.0608 3000 FltMgr - ok

10:00:13.0717 3000 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll

10:00:13.0795 3000 FontCache - ok

10:00:13.0873 3000 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:00:13.0888 3000 FontCache3.0.0.0 - ok

10:00:13.0935 3000 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

10:00:13.0951 3000 FsDepends - ok

10:00:13.0966 3000 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys

10:00:13.0982 3000 Fs_Rec - ok

10:00:14.0060 3000 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys

10:00:14.0076 3000 fvevol - ok

10:00:14.0232 3000 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

10:00:14.0263 3000 gagp30kx - ok

10:00:14.0512 3000 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll

10:00:14.0559 3000 gpsvc - ok

10:00:14.0715 3000 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:00:14.0731 3000 gupdate - ok

10:00:14.0762 3000 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:00:14.0762 3000 gupdatem - ok

10:00:14.0840 3000 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

10:00:14.0856 3000 gusvc - ok

10:00:14.0887 3000 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

10:00:14.0918 3000 hcw85cir - ok

10:00:14.0996 3000 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys

10:00:15.0074 3000 HdAudAddService - ok

10:00:15.0121 3000 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys

10:00:15.0136 3000 HDAudBus - ok

10:00:15.0183 3000 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

10:00:15.0199 3000 HECIx64 - ok

10:00:15.0261 3000 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

10:00:15.0292 3000 HidBatt - ok

10:00:15.0308 3000 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

10:00:15.0339 3000 HidBth - ok

10:00:15.0386 3000 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

10:00:15.0402 3000 HidIr - ok

10:00:15.0464 3000 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

10:00:15.0495 3000 hidserv - ok

10:00:15.0526 3000 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys

10:00:15.0558 3000 HidUsb - ok

10:00:15.0589 3000 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll

10:00:15.0651 3000 hkmsvc - ok

10:00:15.0698 3000 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll

10:00:15.0745 3000 HomeGroupListener - ok

10:00:15.0776 3000 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll

10:00:15.0807 3000 HomeGroupProvider - ok

10:00:15.0807 3000 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys

10:00:15.0823 3000 HpSAMD - ok

10:00:15.0901 3000 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys

10:00:15.0963 3000 HTTP - ok

10:00:15.0994 3000 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys

10:00:16.0010 3000 hwpolicy - ok

10:00:16.0057 3000 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

10:00:16.0072 3000 i8042prt - ok

10:00:16.0135 3000 iaStor (5e60dd5f090ab4a563c7204c289c4650) C:\windows\system32\DRIVERS\iaStor.sys

10:00:16.0166 3000 iaStor - ok

10:00:16.0244 3000 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys

10:00:16.0260 3000 iaStorV - ok

10:00:16.0353 3000 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

10:00:16.0353 3000 IDriverT ( UnsignedFile.Multi.Generic ) - warning

10:00:16.0353 3000 IDriverT - detected UnsignedFile.Multi.Generic (1)

10:00:16.0494 3000 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:00:16.0525 3000 idsvc - ok

10:00:16.0806 3000 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111122.030\IDSvia64.sys

10:00:16.0837 3000 IDSVia64 - ok

10:00:17.0679 3000 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys

10:00:17.0976 3000 igfx - ok

10:00:18.0100 3000 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

10:00:18.0132 3000 iirsp - ok

10:00:18.0225 3000 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll

10:00:18.0303 3000 IKEEXT - ok

10:00:18.0366 3000 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\windows\system32\DRIVERS\Impcd.sys

10:00:18.0397 3000 Impcd - ok

10:00:18.0412 3000 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys

10:00:18.0428 3000 intelide - ok

10:00:18.0459 3000 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

10:00:18.0490 3000 intelppm - ok

10:00:18.0522 3000 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

10:00:18.0568 3000 IPBusEnum - ok

10:00:18.0584 3000 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys

10:00:18.0631 3000 IpFilterDriver - ok

10:00:18.0678 3000 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll

10:00:18.0740 3000 iphlpsvc - ok

10:00:18.0787 3000 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys

10:00:18.0818 3000 IPMIDRV - ok

10:00:18.0865 3000 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

10:00:18.0912 3000 IPNAT - ok

10:00:18.0958 3000 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

10:00:18.0974 3000 IRENUM - ok

10:00:18.0990 3000 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys

10:00:19.0005 3000 isapnp - ok

10:00:19.0052 3000 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys

10:00:19.0068 3000 iScsiPrt - ok

10:00:19.0099 3000 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

10:00:19.0114 3000 kbdclass - ok

10:00:19.0130 3000 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys

10:00:19.0161 3000 kbdhid - ok

10:00:19.0177 3000 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

10:00:19.0192 3000 KeyIso - ok

10:00:19.0224 3000 KSecDD (4f4b5fde429416877de7143044582eb5) C:\windows\system32\Drivers\ksecdd.sys

10:00:19.0239 3000 KSecDD - ok

10:00:19.0270 3000 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\windows\system32\Drivers\ksecpkg.sys

10:00:19.0286 3000 KSecPkg - ok

10:00:19.0302 3000 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

10:00:19.0364 3000 ksthunk - ok

10:00:19.0411 3000 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

10:00:19.0489 3000 KtmRm - ok

10:00:19.0551 3000 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\system32\srvsvc.dll

10:00:19.0582 3000 LanmanServer - ok

10:00:19.0614 3000 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll

10:00:19.0660 3000 LanmanWorkstation - ok

10:00:19.0707 3000 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

10:00:19.0754 3000 lltdio - ok

10:00:19.0816 3000 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

10:00:19.0879 3000 lltdsvc - ok

10:00:19.0910 3000 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

10:00:19.0957 3000 lmhosts - ok

10:00:20.0082 3000 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

10:00:20.0097 3000 LMS - ok

10:00:20.0144 3000 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

10:00:20.0160 3000 LSI_FC - ok

10:00:20.0175 3000 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

10:00:20.0191 3000 LSI_SAS - ok

10:00:20.0191 3000 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

10:00:20.0206 3000 LSI_SAS2 - ok

10:00:20.0238 3000 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

10:00:20.0253 3000 LSI_SCSI - ok

10:00:20.0269 3000 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

10:00:20.0331 3000 luafv - ok

10:00:20.0347 3000 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll

10:00:20.0378 3000 Mcx2Svc - ok

10:00:20.0394 3000 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

10:00:20.0409 3000 megasas - ok

10:00:20.0440 3000 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

10:00:20.0472 3000 MegaSR - ok

10:00:20.0534 3000 Microsoft SharePoint Workspace Audit Service - ok

10:00:20.0534 3000 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

10:00:20.0581 3000 MMCSS - ok

10:00:20.0596 3000 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

10:00:20.0643 3000 Modem - ok

10:00:20.0690 3000 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

10:00:20.0721 3000 monitor - ok

10:00:20.0768 3000 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

10:00:20.0784 3000 mouclass - ok

10:00:20.0846 3000 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

10:00:20.0862 3000 mouhid - ok

10:00:20.0893 3000 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys

10:00:20.0908 3000 mountmgr - ok

10:00:20.0971 3000 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys

10:00:20.0986 3000 mpio - ok

10:00:21.0018 3000 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

10:00:21.0064 3000 mpsdrv - ok

10:00:21.0142 3000 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll

10:00:21.0205 3000 MpsSvc - ok

10:00:21.0236 3000 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys

10:00:21.0252 3000 MRxDAV - ok

10:00:21.0298 3000 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys

10:00:21.0314 3000 mrxsmb - ok

10:00:21.0345 3000 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys

10:00:21.0376 3000 mrxsmb10 - ok

10:00:21.0408 3000 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys

10:00:21.0423 3000 mrxsmb20 - ok

10:00:21.0439 3000 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys

10:00:21.0454 3000 msahci - ok

10:00:21.0486 3000 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys

10:00:21.0501 3000 msdsm - ok

10:00:21.0532 3000 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

10:00:21.0579 3000 MSDTC - ok

10:00:21.0595 3000 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

10:00:21.0657 3000 Msfs - ok

10:00:21.0688 3000 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

10:00:21.0751 3000 mshidkmdf - ok

10:00:21.0766 3000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys

10:00:21.0766 3000 msisadrv - ok

10:00:21.0798 3000 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

10:00:21.0876 3000 MSiSCSI - ok

10:00:21.0876 3000 msiserver - ok

10:00:21.0907 3000 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

10:00:21.0954 3000 MSKSSRV - ok

10:00:21.0985 3000 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

10:00:22.0032 3000 MSPCLOCK - ok

10:00:22.0063 3000 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

10:00:22.0110 3000 MSPQM - ok

10:00:22.0141 3000 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys

10:00:22.0156 3000 MsRPC - ok

10:00:22.0188 3000 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

10:00:22.0203 3000 mssmbios - ok

10:00:22.0234 3000 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

10:00:22.0281 3000 MSTEE - ok

10:00:22.0297 3000 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

10:00:22.0328 3000 MTConfig - ok

10:00:22.0359 3000 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

10:00:22.0375 3000 Mup - ok

10:00:22.0437 3000 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll

10:00:22.0515 3000 napagent - ok

10:00:22.0593 3000 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

10:00:22.0624 3000 NativeWifiP - ok

10:00:22.0780 3000 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111122.034\ENG64.SYS

10:00:22.0796 3000 NAVENG - ok

10:00:23.0077 3000 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111122.034\EX64.SYS

10:00:23.0155 3000 NAVEX15 - ok

10:00:23.0389 3000 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys

10:00:23.0436 3000 NDIS - ok

10:00:23.0467 3000 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

10:00:23.0529 3000 NdisCap - ok

10:00:23.0560 3000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

10:00:23.0607 3000 NdisTapi - ok

10:00:23.0638 3000 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys

10:00:23.0670 3000 Ndisuio - ok

10:00:23.0701 3000 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys

10:00:23.0748 3000 NdisWan - ok

10:00:23.0763 3000 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys

10:00:23.0826 3000 NDProxy - ok

10:00:23.0857 3000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

10:00:23.0919 3000 NetBIOS - ok

10:00:23.0950 3000 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys

10:00:24.0013 3000 NetBT - ok

10:00:24.0028 3000 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

10:00:24.0044 3000 Netlogon - ok

10:00:24.0122 3000 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

10:00:24.0184 3000 Netman - ok

10:00:24.0231 3000 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

10:00:24.0294 3000 netprofm - ok

10:00:24.0403 3000 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:00:24.0450 3000 NetTcpPortSharing - ok

10:00:24.0465 3000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

10:00:24.0481 3000 nfrd960 - ok

10:00:24.0652 3000 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

10:00:24.0684 3000 NIS - ok

10:00:24.0746 3000 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll

10:00:24.0793 3000 NlaSvc - ok

10:00:24.0824 3000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

10:00:24.0886 3000 Npfs - ok

10:00:24.0902 3000 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

10:00:24.0964 3000 nsi - ok

10:00:24.0980 3000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

10:00:25.0042 3000 nsiproxy - ok

10:00:25.0183 3000 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys

10:00:25.0261 3000 Ntfs - ok

10:00:25.0370 3000 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

10:00:25.0432 3000 Null - ok

10:00:25.0464 3000 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys

10:00:25.0479 3000 nvraid - ok

10:00:25.0526 3000 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys

10:00:25.0557 3000 nvstor - ok

10:00:25.0573 3000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

10:00:25.0588 3000 nv_agp - ok

10:00:25.0620 3000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

10:00:25.0635 3000 ohci1394 - ok

10:00:25.0713 3000 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:00:25.0729 3000 ose - ok

10:00:26.0056 3000 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:00:26.0212 3000 osppsvc - ok

10:00:26.0306 3000 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

10:00:26.0337 3000 p2pimsvc - ok

10:00:26.0400 3000 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

10:00:26.0431 3000 p2psvc - ok

10:00:26.0478 3000 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

10:00:26.0509 3000 Parport - ok

10:00:26.0540 3000 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys

10:00:26.0556 3000 partmgr - ok

10:00:26.0587 3000 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

10:00:26.0618 3000 PcaSvc - ok

10:00:26.0649 3000 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys

10:00:26.0665 3000 pci - ok

10:00:26.0696 3000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

10:00:26.0712 3000 pciide - ok

10:00:26.0743 3000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

10:00:26.0758 3000 pcmcia - ok

10:00:26.0914 3000 PCToolsSSDMonitorSvc (c98cd9ee0012df72206bd519db9780d4) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

10:00:26.0946 3000 PCToolsSSDMonitorSvc - ok

10:00:26.0977 3000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

10:00:26.0977 3000 pcw - ok

10:00:27.0070 3000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

10:00:27.0195 3000 PEAUTH - ok

10:00:27.0289 3000 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

10:00:27.0304 3000 PerfHost - ok

10:00:27.0351 3000 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

10:00:27.0367 3000 PGEffect - ok

10:00:27.0492 3000 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll

10:00:27.0585 3000 pla - ok

10:00:27.0663 3000 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll

10:00:27.0679 3000 PlugPlay - ok

10:00:27.0710 3000 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

10:00:27.0741 3000 PNRPAutoReg - ok

10:00:27.0772 3000 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

10:00:27.0788 3000 PNRPsvc - ok

10:00:27.0850 3000 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll

10:00:27.0913 3000 PolicyAgent - ok

10:00:27.0960 3000 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

10:00:28.0006 3000 Power - ok

10:00:28.0069 3000 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

10:00:28.0116 3000 PptpMiniport - ok

10:00:28.0147 3000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

10:00:28.0178 3000 Processor - ok

10:00:28.0240 3000 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll

10:00:28.0272 3000 ProfSvc - ok

10:00:28.0303 3000 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

10:00:28.0318 3000 ProtectedStorage - ok

10:00:28.0350 3000 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

10:00:28.0396 3000 Psched - ok

10:00:28.0459 3000 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

10:00:28.0474 3000 QIOMem - ok

10:00:28.0599 3000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

10:00:28.0662 3000 ql2300 - ok

10:00:28.0771 3000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

10:00:28.0786 3000 ql40xx - ok

10:00:28.0833 3000 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

10:00:28.0864 3000 QWAVE - ok

10:00:28.0880 3000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

10:00:28.0896 3000 QWAVEdrv - ok

10:00:28.0927 3000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

10:00:28.0974 3000 RasAcd - ok

10:00:29.0036 3000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

10:00:29.0083 3000 RasAgileVpn - ok

10:00:29.0114 3000 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

10:00:29.0176 3000 RasAuto - ok

10:00:29.0192 3000 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

10:00:29.0254 3000 Rasl2tp - ok

10:00:29.0301 3000 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll

10:00:29.0379 3000 RasMan - ok

10:00:29.0410 3000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

10:00:29.0457 3000 RasPppoe - ok

10:00:29.0504 3000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

10:00:29.0551 3000 RasSstp - ok

10:00:29.0582 3000 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

10:00:29.0644 3000 rdbss - ok

10:00:29.0660 3000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

10:00:29.0691 3000 rdpbus - ok

10:00:29.0722 3000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

10:00:29.0754 3000 RDPCDD - ok

10:00:29.0785 3000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

10:00:29.0832 3000 RDPENCDD - ok

10:00:29.0847 3000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

10:00:29.0894 3000 RDPREFMP - ok

10:00:29.0956 3000 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys

10:00:29.0972 3000 RDPWD - ok

10:00:30.0019 3000 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys

10:00:30.0034 3000 rdyboost - ok

10:00:30.0081 3000 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

10:00:30.0144 3000 RemoteAccess - ok

10:00:30.0159 3000 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

10:00:30.0206 3000 RemoteRegistry - ok

10:00:30.0237 3000 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

10:00:30.0300 3000 RpcEptMapper - ok

10:00:30.0315 3000 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

10:00:30.0331 3000 RpcLocator - ok

10:00:30.0393 3000 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll

10:00:30.0456 3000 RpcSs - ok

10:00:30.0471 3000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

10:00:30.0518 3000 rspndr - ok

10:00:30.0612 3000 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys

10:00:30.0643 3000 RSUSBSTOR - ok

10:00:30.0783 3000 rtl8192Ce (b89c0601a05e1140ac96fa965d94c340) C:\windows\system32\DRIVERS\rtl8192Ce.sys

10:00:30.0814 3000 rtl8192Ce - ok

10:00:30.0861 3000 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

10:00:30.0892 3000 SamSs - ok

10:00:30.0924 3000 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

10:00:30.0939 3000 sbp2port - ok

10:00:30.0955 3000 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

10:00:31.0002 3000 SCardSvr - ok

10:00:31.0017 3000 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

10:00:31.0080 3000 scfilter - ok

10:00:31.0189 3000 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll

10:00:31.0220 3000 Schedule - ok

10:00:31.0267 3000 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll

10:00:31.0314 3000 SCPolicySvc - ok

10:00:31.0329 3000 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll

10:00:31.0376 3000 SDRSVC - ok

10:00:31.0423 3000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

10:00:31.0485 3000 secdrv - ok

10:00:31.0501 3000 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll

10:00:31.0563 3000 seclogon - ok

10:00:31.0594 3000 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

10:00:31.0641 3000 SENS - ok

10:00:31.0657 3000 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

10:00:31.0672 3000 SensrSvc - ok

10:00:31.0704 3000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

10:00:31.0735 3000 Serenum - ok

10:00:31.0750 3000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

10:00:31.0766 3000 Serial - ok

10:00:31.0797 3000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

10:00:31.0828 3000 sermouse - ok

10:00:31.0860 3000 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll

10:00:31.0906 3000 SessionEnv - ok

10:00:31.0922 3000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

10:00:31.0938 3000 sffdisk - ok

10:00:31.0953 3000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

10:00:31.0984 3000 sffp_mmc - ok

10:00:32.0000 3000 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

10:00:32.0031 3000 sffp_sd - ok

10:00:32.0062 3000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

10:00:32.0078 3000 sfloppy - ok

10:00:32.0172 3000 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

10:00:32.0250 3000 SharedAccess - ok

10:00:32.0281 3000 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll

10:00:32.0312 3000 ShellHWDetection - ok

10:00:32.0328 3000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

10:00:32.0328 3000 SiSRaid2 - ok

10:00:32.0359 3000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

10:00:32.0359 3000 SiSRaid4 - ok

10:00:32.0406 3000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

10:00:32.0468 3000 Smb - ok

10:00:32.0499 3000 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

10:00:32.0515 3000 SNMPTRAP - ok

10:00:32.0546 3000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

10:00:32.0562 3000 spldr - ok

10:00:32.0624 3000 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe

10:00:32.0655 3000 Spooler - ok

10:00:32.0967 3000 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe

10:00:33.0061 3000 sppsvc - ok

10:00:33.0232 3000 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

10:00:33.0295 3000 sppuinotify - ok

10:00:33.0498 3000 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS

10:00:33.0529 3000 SRTSP - ok

10:00:33.0560 3000 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS

10:00:33.0560 3000 SRTSPX - ok

10:00:33.0607 3000 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys

10:00:33.0654 3000 srv - ok

10:00:33.0700 3000 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys

10:00:33.0732 3000 srv2 - ok

10:00:33.0810 3000 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

10:00:33.0841 3000 SrvHsfHDA - ok

10:00:33.0981 3000 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

10:00:34.0059 3000 SrvHsfV92 - ok

10:00:34.0184 3000 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

10:00:34.0231 3000 SrvHsfWinac - ok

10:00:34.0262 3000 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys

10:00:34.0293 3000 srvnet - ok

10:00:34.0340 3000 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

10:00:34.0387 3000 SSDPSRV - ok

10:00:34.0402 3000 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

10:00:34.0465 3000 SstpSvc - ok

10:00:34.0496 3000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

10:00:34.0512 3000 stexstor - ok

10:00:34.0574 3000 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll

10:00:34.0621 3000 stisvc - ok

10:00:34.0636 3000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

10:00:34.0652 3000 swenum - ok

10:00:34.0730 3000 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

10:00:34.0839 3000 swprv - ok

10:00:34.0995 3000 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

10:00:35.0026 3000 SymDS - ok

10:00:35.0151 3000 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

10:00:35.0182 3000 SymEFA - ok

10:00:35.0245 3000 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

10:00:35.0260 3000 SymEvent - ok

10:00:35.0307 3000 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS

10:00:35.0323 3000 SymIRON - ok

10:00:35.0354 3000 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS

10:00:35.0370 3000 SymNetS - ok

10:00:35.0463 3000 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

10:00:35.0494 3000 SynTP - ok

10:00:35.0650 3000 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll

10:00:35.0713 3000 SysMain - ok

10:00:35.0838 3000 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll

10:00:35.0869 3000 TabletInputService - ok

10:00:35.0900 3000 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll

10:00:35.0962 3000 TapiSrv - ok

10:00:35.0978 3000 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

10:00:36.0025 3000 TBS - ok

10:00:36.0243 3000 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys

10:00:36.0337 3000 Tcpip - ok

10:00:36.0555 3000 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys

10:00:36.0602 3000 TCPIP6 - ok

10:00:36.0696 3000 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys

10:00:36.0758 3000 tcpipreg - ok

10:00:36.0852 3000 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

10:00:36.0867 3000 tdcmdpst - ok

10:00:36.0898 3000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

10:00:36.0961 3000 TDPIPE - ok

10:00:37.0008 3000 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys

10:00:37.0023 3000 TDTCP - ok

10:00:37.0054 3000 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys

10:00:37.0101 3000 tdx - ok

10:00:37.0164 3000 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys

10:00:37.0179 3000 TermDD - ok

10:00:37.0288 3000 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll

10:00:37.0366 3000 TermService - ok

10:00:37.0382 3000 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

10:00:37.0429 3000 Themes - ok

10:00:37.0460 3000 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

10:00:37.0507 3000 THREADORDER - ok

10:00:37.0632 3000 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

10:00:37.0647 3000 TMachInfo - ok

10:00:37.0663 3000 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe

10:00:37.0678 3000 TODDSrv - ok

10:00:37.0772 3000 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

10:00:37.0803 3000 TosCoSrv - ok

10:00:37.0866 3000 TOSHIBA eco Utility Service (bae96ad126f4eed4d361b092ba2e61fe) C:\Program Files\TOSHIBA\TECO\TecoService.exe

10:00:37.0897 3000 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning

10:00:37.0897 3000 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)

10:00:37.0944 3000 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

10:00:37.0944 3000 TOSHIBA HDD SSD Alert Service - ok

10:00:38.0037 3000 TPCHSrv (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

10:00:38.0053 3000 TPCHSrv - ok

10:00:38.0193 3000 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

10:00:38.0256 3000 TrkWks - ok

10:00:38.0302 3000 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe

10:00:38.0318 3000 TrustedInstaller - ok

10:00:38.0349 3000 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys

10:00:38.0396 3000 tssecsrv - ok

10:00:38.0443 3000 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys

10:00:38.0490 3000 tunnel - ok

10:00:38.0505 3000 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

10:00:38.0521 3000 TVALZ - ok

10:00:38.0568 3000 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

10:00:38.0583 3000 TVALZFL - ok

10:00:38.0599 3000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

10:00:38.0614 3000 uagp35 - ok

10:00:38.0661 3000 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys

10:00:38.0755 3000 udfs - ok

10:00:38.0802 3000 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

10:00:38.0833 3000 UI0Detect - ok

10:00:38.0864 3000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys

10:00:38.0880 3000 uliagpkx - ok

10:00:38.0911 3000 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys

10:00:38.0926 3000 umbus - ok

10:00:38.0973 3000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

10:00:38.0989 3000 UmPass - ok

10:00:39.0238 3000 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

10:00:39.0316 3000 UNS - ok

10:00:39.0441 3000 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

10:00:39.0504 3000 upnphost - ok

10:00:39.0550 3000 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys

10:00:39.0566 3000 usbccgp - ok

10:00:39.0597 3000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys

10:00:39.0628 3000 usbcir - ok

10:00:39.0660 3000 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys

10:00:39.0675 3000 usbehci - ok

10:00:39.0722 3000 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys

10:00:39.0753 3000 usbhub - ok

10:00:39.0784 3000 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys

10:00:39.0816 3000 usbohci - ok

10:00:39.0831 3000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

10:00:39.0847 3000 usbprint - ok

10:00:39.0862 3000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

10:00:39.0909 3000 usbscan - ok

10:00:39.0925 3000 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS

10:00:39.0956 3000 USBSTOR - ok

10:00:39.0972 3000 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys

10:00:39.0987 3000 usbuhci - ok

10:00:40.0034 3000 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys

10:00:40.0065 3000 usbvideo - ok

10:00:40.0096 3000 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

10:00:40.0143 3000 UxSms - ok

10:00:40.0174 3000 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

10:00:40.0190 3000 VaultSvc - ok

10:00:40.0206 3000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys

10:00:40.0221 3000 vdrvroot - ok

10:00:40.0284 3000 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe

10:00:40.0330 3000 vds - ok

10:00:40.0346 3000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

10:00:40.0362 3000 vga - ok

10:00:40.0393 3000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

10:00:40.0440 3000 VgaSave - ok

10:00:40.0486 3000 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys

10:00:40.0502 3000 vhdmp - ok

10:00:40.0518 3000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys

10:00:40.0533 3000 viaide - ok

10:00:40.0549 3000 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys

10:00:40.0564 3000 volmgr - ok

10:00:40.0611 3000 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys

10:00:40.0627 3000 volmgrx - ok

10:00:40.0658 3000 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys

10:00:40.0689 3000 volsnap - ok

10:00:40.0736 3000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

10:00:40.0752 3000 vsmraid - ok

10:00:40.0876 3000 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe

10:00:40.0954 3000 VSS - ok

10:00:41.0064 3000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

10:00:41.0110 3000 vwifibus - ok

10:00:41.0142 3000 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

10:00:41.0173 3000 vwififlt - ok

10:00:41.0204 3000 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

10:00:41.0282 3000 W32Time - ok

10:00:41.0298 3000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

10:00:41.0329 3000 WacomPen - ok

10:00:41.0360 3000 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

10:00:41.0438 3000 WANARP - ok

10:00:41.0438 3000 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

10:00:41.0485 3000 Wanarpv6 - ok

10:00:41.0625 3000 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

10:00:41.0672 3000 WatAdminSvc - ok

10:00:41.0844 3000 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe

10:00:41.0922 3000 wbengine - ok

10:00:42.0062 3000 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

10:00:42.0093 3000 WbioSrvc - ok

10:00:42.0140 3000 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll

10:00:42.0187 3000 wcncsvc - ok

10:00:42.0202 3000 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

10:00:42.0218 3000 WcsPlugInService - ok

10:00:42.0249 3000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

10:00:42.0265 3000 Wd - ok

10:00:42.0327 3000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

10:00:42.0343 3000 Wdf01000 - ok

10:00:42.0374 3000 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

10:00:42.0405 3000 WdiServiceHost - ok

10:00:42.0405 3000 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

10:00:42.0436 3000 WdiSystemHost - ok

10:00:42.0483 3000 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll

10:00:42.0514 3000 WebClient - ok

10:00:42.0546 3000 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

10:00:42.0639 3000 Wecsvc - ok

10:00:42.0655 3000 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

10:00:42.0717 3000 wercplsupport - ok

10:00:42.0764 3000 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

10:00:42.0826 3000 WerSvc - ok

10:00:42.0873 3000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

10:00:42.0936 3000 WfpLwf - ok

10:00:42.0967 3000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

10:00:42.0982 3000 WIMMount - ok

10:00:43.0029 3000 WinDefend - ok

10:00:43.0029 3000 WinHttpAutoProxySvc - ok

10:00:43.0107 3000 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

10:00:43.0154 3000 Winmgmt - ok

10:00:43.0450 3000 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll

10:00:43.0591 3000 WinRM - ok

10:00:43.0825 3000 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

10:00:43.0872 3000 Wlansvc - ok

10:00:43.0934 3000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

10:00:43.0950 3000 WmiAcpi - ok

10:00:44.0028 3000 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

10:00:44.0059 3000 wmiApSrv - ok

10:00:44.0121 3000 WMPNetworkSvc - ok

10:00:44.0137 3000 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

10:00:44.0152 3000 WPCSvc - ok

10:00:44.0168 3000 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll

10:00:44.0199 3000 WPDBusEnum - ok

10:00:44.0230 3000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

10:00:44.0277 3000 ws2ifsl - ok

10:00:44.0324 3000 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\System32\wscsvc.dll

10:00:44.0355 3000 wscsvc - ok

10:00:44.0371 3000 WSearch - ok

10:00:44.0574 3000 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

10:00:44.0667 3000 wuauserv - ok

10:00:44.0870 3000 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys

10:00:44.0917 3000 WudfPf - ok

10:00:44.0979 3000 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys

10:00:45.0026 3000 WUDFRd - ok

10:00:45.0073 3000 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll

10:00:45.0135 3000 wudfsvc - ok

10:00:45.0198 3000 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

10:00:45.0276 3000 WwanSvc - ok

10:00:45.0291 3000 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

10:00:45.0354 3000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

10:00:45.0354 3000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

10:00:45.0447 3000 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:00:45.0447 3000 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:00:45.0478 3000 Boot (0x1200) (ccef0f6bbfa6e6a82c5044f5140c0465) \Device\Harddisk0\DR0\Partition0

10:00:45.0478 3000 \Device\Harddisk0\DR0\Partition0 - ok

10:00:45.0478 3000 ============================================================

10:00:45.0478 3000 Scan finished

10:00:45.0478 3000 ============================================================

10:00:45.0510 2404 Detected object count: 4

10:00:45.0510 2404 Actual detected object count: 4

10:02:59.0529 2404 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

10:02:59.0529 2404 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:02:59.0529 2404 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user

10:02:59.0529 2404 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:03:00.0341 2404 \Device\Harddisk0\DR0\# - copied to quarantine

10:03:00.0341 2404 \Device\Harddisk0\DR0 - copied to quarantine

10:03:00.0387 2404 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

10:03:00.0403 2404 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

10:03:00.0419 2404 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:03:00.0434 2404 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:03:00.0450 2404 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

10:03:00.0465 2404 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

10:03:00.0465 2404 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

10:03:00.0465 2404 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

10:03:00.0465 2404 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

10:03:00.0465 2404 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

10:03:00.0481 2404 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

10:03:00.0481 2404 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

10:03:00.0481 2404 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

10:03:00.0481 2404 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

10:03:00.0512 2404 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

10:03:00.0543 2404 \Device\Harddisk0\DR0 - ok

10:03:00.0731 2404 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

10:03:00.0731 2404 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:03:00.0731 2404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:03:13.0772 1896 Deinitialize success


Run TDSSKiller again and choose Delete for this one only: (you don't have to post the log)

10:03:00.0731 2404 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:03:00.0731 2404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

-------------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-13.01 - Owner 08/13/2012 12:04:57.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2560 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Shop to Win

c:\program files (x86)\Shop to Win\InstallNotifier.exe

c:\program files (x86)\Shop to Win\ShopToWin.exe

c:\program files (x86)\Shop to Win\unins000.exe

c:\users\Owner\Documents\ShopToWin

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-13 17:09 . 2012-08-13 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-13 15:02 . 2012-08-13 16:49 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-13 03:31 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6182D58A-2F65-44EF-895B-0E0397B9CB00}\mpengine.dll

2012-08-13 02:28 . 2012-08-13 02:28 -------- d-----w- C:\FRST

2012-08-13 00:58 . 2012-08-13 03:09 -------- d-----w- c:\users\Backup

2012-08-11 19:15 . 2012-08-11 19:15 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2012-08-11 19:13 . 2012-08-13 03:08 -------- d-----w- c:\program files\CCleaner

2012-08-11 19:07 . 2012-08-13 03:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-11 19:07 . 2012-08-11 19:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-11 19:07 . 2012-08-11 19:07 -------- d-----w- c:\programdata\SUPERSetup

2012-08-11 01:06 . 2012-08-11 01:07 -------- d-----w- c:\users\Owner\AppData\Roaming\Registry Mechanic

2012-08-10 18:20 . 2012-08-10 18:20 -------- d-----w- c:\users\Owner\AppData\Roaming\Tific

2012-08-10 18:20 . 2012-08-10 18:20 -------- d-----w- c:\users\Owner\AppData\Local\Symantec

2012-08-10 17:44 . 2012-08-10 17:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-10 17:34 . 2012-08-10 17:34 -------- d-----w- c:\windows\Sun

2012-07-31 03:58 . 2012-08-13 03:08 -------- d-----w- c:\program files (x86)\Shop to Win 19

2012-07-31 03:58 . 2012-07-31 03:58 -------- d-----w- c:\programdata\InstallMate

2012-07-25 19:51 . 2012-07-25 19:51 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc

2012-07-25 19:48 . 2012-07-25 19:48 -------- d-----w- c:\programdata\Graboid Inc

2012-07-25 19:48 . 2012-07-25 19:48 -------- d-----w- c:\users\Owner\AppData\Local\Geckofx

2012-07-25 19:48 . 2012-07-25 19:48 -------- d-----w- c:\program files (x86)\VideoLAN

2012-07-25 19:48 . 2012-07-25 19:51 -------- d-----w- c:\program files (x86)\Graboid

2012-07-18 18:59 . 2012-07-18 18:59 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 18:46 . 2011-10-31 20:28 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 03:02 . 2012-07-12 16:06 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:30 . 2012-07-11 18:10 14165504 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 05:50 . 2012-07-11 18:10 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:50 . 2012-07-11 18:10 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:09 . 2012-07-11 18:10 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:09 . 2012-07-11 18:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-02 22:19 . 2012-06-24 17:32 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 17:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-24 17:32 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 17:32 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 17:32 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-24 17:32 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-24 17:32 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-24 17:32 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-24 17:32 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:38 . 2012-07-11 18:09 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:38 . 2012-07-11 18:09 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:37 . 2012-07-11 18:09 459216 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:27 . 2012-07-11 18:09 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:27 . 2012-07-11 18:09 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:48 . 2012-07-11 18:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:48 . 2012-07-11 18:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:47 . 2012-07-11 18:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:42 . 2012-07-11 18:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 17:25 . 2011-11-23 23:20 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8E51683A-EA9D-4127-AE14-A13294FF6F7C}]

2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 19\Shop to Win 19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111122.030\IDSvia64.sys [2011-10-21 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]

.

2012-08-10 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-10-28 15:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/?PC=BNHP

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.0.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Shop To Win - c:\program files (x86)\Shop To Win\ShopToWin.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{833A2489-808F-45FE-8BEF-E391F599CAC0}_is1 - c:\program files (x86)\Shop To Win\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-13 12:16:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-13 17:16

.

Pre-Run: 259,937,353,728 bytes free

Post-Run: 259,705,245,696 bytes free

.

- - End Of File - - 2029DD723B8A30577AF72170285417D8
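The "@Denied" lines in the LOCKED REGISTRY KEYS part of the ComboFix log above report registry keys that carry Deny access-control entries for Everyone. Those entries are worth checking by hand rather than trusting a one-line summary: a Deny ACE by itself is not proof of infection (the Flash and Office keys in this log are locked by their own installers), but a key that a normal administrator cannot even read is exactly what a rootkit uses to protect its persistence. The PowerShell below is an added example, not code from the thread or from ComboFix; it only reads ACLs, changes nothing, and uses the key paths taken verbatim from the log. Run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not part of the original post): list Deny ACEs on the
# registry keys ComboFix flagged with "@Denied". Read-only, changes nothing.
# Key paths copied from the log above; any other key can be added to $keys.

$keys = @(
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3',
    'HKLM:\SYSTEM\ControlSet001\Control\PCW\Security'
)

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "MISSING  $key"
        continue
    }

    try {
        $acl = Get-Acl -LiteralPath $key -ErrorAction Stop
    } catch {
        # A Deny for Everyone that covers READ_CONTROL blocks Get-Acl itself,
        # even for an administrator; ComboFix's "(Full)" entries can look like
        # this. Such a key needs ownership taken before it can be inspected.
        Write-Output "NOACCESS $key  ($($_.Exception.Message))"
        continue
    }

    # Only Deny entries are interesting here; Allow entries are the normal case.
    $denies = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }

    if (-not $denies) {
        Write-Output "CLEAN    $key"
        continue
    }

    foreach ($ace in $denies) {
        Write-Output ("DENY     {0}  {1} -> {2}" -f $key, $ace.IdentityReference, $ace.RegistryRights)
    }
}
```

A key that comes back as NOACCESS from an elevated prompt is the one to look at first; the Flash and Office keys are expected to show up as DENY entries with limited rights, which matches what the log shows.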


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Owner :: OWNER-PC [administrator]

8/13/2012 2:31:16 PM

mbam-log-2012-08-13 (14-31-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222991

Time elapsed: 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

----------------------------------------------

Everything seems to be back to normal. I was getting redirected to a different site every time I googled something, but Google is working fine now.


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

e.g. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.