
Trojan.Agent.NIX found



Moderator NOTE: Do NOT use the attach feature when posting your logs. ALWAYS Copy & Paste all contents directly into main-body of reply !!!

I recently ran your product and it found this malware on my computer. It looks like MBAM was able to remove it, but I'm still having some issues when I try to use LastPass to access my Chase.com account. It appears like the system is logging me into chase.com, but instead the URL reads https:\\mafsa.chase.com\ but nothing happens when I get there. Could this be related to the virus that MBAM removed? Obviously when it comes to my credit I'm very concerned about anything that seems out of the ordinary.

Now if I log on to chase.com without using LastPass my user ID and password take me directly to their site.

Since our computer still is not functioning correctly, I'm concerned there still may be something on there that my Norton Security Suite cannot find since it obviously let this one in.

Here is my MBAM log that found the malware:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Stoeffler :: STOEFFLER-LT1 [administrator]

12/20/2012 9:52:52 AM

mbam-log-2012-12-20 (09-52-52).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 460136

Time elapsed: 54 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\ProgramData\Microsoft\Windows\DRM\3E77.tmp.dat (Trojan.Agent.NIX) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Stoeffler at 7:53:36 on 2012-12-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1741 [GMT -5:00]

.

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\system32\atieclxx.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

uRun: [Artisan 830(Network)] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SCDCA.tmp" /EF "HKCU"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\STOEFF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: LastPass - C:\Users\Stoeffler\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Users\Stoeffler\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Sandy\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://registration.hsesports.org/Reserved.ReportViewerWebControl.axd?ReportSession=33dgeu55ipeih4455qwxin45&ControlID=6374fc3be7b84dcabcab388f03718220&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - C:\Users\Sandy\AppData\Local\Temp\f5tmp\f5InspectionHost.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{8ACB5ADB-3D5A-4238-AA4E-6AEE44E620A2} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{8ACB5ADB-3D5A-4238-AA4E-6AEE44E620A2}\3547F6566666C65627 : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stoeffler\AppData\Roaming\Mozilla\Firefox\Profiles\3qk9v51x.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: 2012-11-16 03:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2

FF - ExtSQL: 2012-11-20 19:30; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121221.001\IDSviA64.sys [2012-12-21 513184]

R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-5-28 202752]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-5-28 126392]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-2 1153368]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-19 138912]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-5-28 9216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-28 35008]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 motccgp;Motorola USB Composite Device Driver;C:\windows\System32\drivers\motccgp.sys [2011-4-4 21504]

S3 motccgpfl;MotCcgpFlService;C:\windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-5-28 232992]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-28 51512]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-2 1255736]

.

=============== Created Last 30 ================

.

2012-12-21 23:57:35 -------- d-----w- C:\Program Files (x86)\ESET

2012-12-21 23:54:38 -------- d-----w- C:\Users\Stoeffler\AppData\Roaming\LastPass

2012-12-21 22:54:13 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2012-12-21 22:54:06 -------- d-----w- C:\Program Files (x86)\LastPass

2012-12-21 22:47:00 14690376 ----a-w- C:\Users\Stoeffler\AppData\Roaming\lpuninstall.exe

2012-12-21 13:22:59 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-21 13:22:59 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-21 13:22:59 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-21 13:22:58 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-20 14:51:37 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-12 12:30:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 12:30:03 2048 ----a-w- C:\windows\System32\tzres.dll

.

==================== Find3M ====================

.

2012-12-12 03:13:32 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 03:13:32 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-18 23:52:47 3718144 ----a-w- C:\windows\System32\drivers\athrx.sys

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll

.

============= FINISH: 7:54:25.28 ===============


Edited by Maurice Naggar

Hello Scott,

DO tell me which browser you use when you do online banking.

NOTE: Do NOT use the attach feature when posting your logs. ALWAYS Copy & Paste all contents directly into main-body of reply !!!

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar

I'm sorry, but I just now saw your post. Let me try what you're requesting and see what happens.

I can tell you I'm using IE 9 as my main browser.

I've run all types of scans with various products (ESET, Norton Power Eraser, SuperAntiSpyware, Spybot, Norton Security Suite, etc.). All of them have returned no findings but when the computer started to act up tonight after installing a new cable modem I found a PCBrowser.exe *32 process running. I'm not sure what this is, but I have the feeling it isn't good.


Okay....I got step #2 figured out..

Step #3: AdwCleaner

# AdwCleaner v2.103 - Logfile created 12/27/2012 at 23:20:11

# Updated 25/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Stoeffler - STOEFFLER-LT1

# Boot Mode : Normal

# Running from : C:\Users\Stoeffler\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Searchqu Toolbar

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Branden\AppData\LocalLow\Conduit

Folder Found : C:\Users\Branden\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Kayla\AppData\LocalLow\Conduit

Folder Found : C:\Users\Kayla\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Sandy\AppData\Local\Conduit

Folder Found : C:\Users\Sandy\AppData\Local\Ilivid Player

Folder Found : C:\Users\Sandy\AppData\LocalLow\Conduit

Folder Found : C:\Users\Sandy\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Sandy\AppData\LocalLow\Searchqutoolbar

Folder Found : C:\Users\Stoeffler\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3061355

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Software

Key Found : HKU\S-1-5-21-645547694-1297501120-130025777-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Users\Stoeffler\AppData\Roaming\Mozilla\Firefox\Profiles\3qk9v51x.default\prefs.js

[OK] File is clean.

File : C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\5em2ydsq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://www.searchnu.com/406",

Found [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ]

Found [l.35] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=418&systemid=406&sr=0&q={searchTerms}"

Found [l.140] : homepage = "hxxp://www.searchnu.com/406",

Found [l.345] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ]

*************************

AdwCleaner[R1].txt - [3883 octets] - [27/12/2012 23:20:11]

########## EOF - C:\AdwCleaner[R1].txt - [3943 octets] ##########

Step 4: TDSSKiller

23:25:34.0594 4460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

23:25:36.0607 4460 ============================================================

23:25:36.0607 4460 Current date / time: 2012/12/27 23:25:36.0607

23:25:36.0607 4460 SystemInfo:

23:25:36.0607 4460

23:25:36.0607 4460 OS Version: 6.1.7601 ServicePack: 1.0

23:25:36.0607 4460 Product type: Workstation

23:25:36.0607 4460 ComputerName: STOEFFLER-LT1

23:25:36.0607 4460 UserName: Stoeffler

23:25:36.0607 4460 Windows directory: C:\windows

23:25:36.0607 4460 System windows directory: C:\windows

23:25:36.0607 4460 Running under WOW64

23:25:36.0607 4460 Processor architecture: Intel x64

23:25:36.0607 4460 Number of processors: 2

23:25:36.0607 4460 Page size: 0x1000

23:25:36.0607 4460 Boot type: Normal boot

23:25:36.0607 4460 ============================================================

23:25:39.0430 4460 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:25:39.0446 4460 ============================================================

23:25:39.0446 4460 \Device\Harddisk0\DR0:

23:25:39.0446 4460 MBR partitions:

23:25:39.0446 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCD9000

23:25:39.0446 4460 ============================================================

23:25:39.0493 4460 C: <-> \Device\Harddisk0\DR0\Partition1

23:25:39.0493 4460 ============================================================

23:25:39.0493 4460 Initialize success

23:25:39.0493 4460 ============================================================

23:25:43.0985 5520 ============================================================

23:25:43.0985 5520 Scan started

23:25:43.0985 5520 Mode: Manual;

23:25:43.0985 5520 ============================================================

23:25:45.0296 5520 ================ Scan system memory ========================

23:25:45.0296 5520 System memory - ok

23:25:45.0296 5520 ================ Scan services =============================


23:25:57.0854 5520 NetBIOS - ok

23:25:57.0901 5520 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

23:25:57.0901 5520 NetBT - ok

23:25:57.0916 5520 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

23:25:57.0916 5520 Netlogon - ok

23:25:57.0979 5520 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

23:25:57.0994 5520 Netman - ok

23:25:58.0025 5520 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

23:25:58.0041 5520 netprofm - ok

23:25:58.0072 5520 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:25:58.0072 5520 NetTcpPortSharing - ok

23:25:58.0119 5520 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

23:25:58.0119 5520 nfrd960 - ok

23:25:58.0181 5520 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

23:25:58.0181 5520 NlaSvc - ok

23:25:58.0213 5520 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

23:25:58.0213 5520 Npfs - ok

23:25:58.0244 5520 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

23:25:58.0259 5520 nsi - ok

23:25:58.0275 5520 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

23:25:58.0275 5520 nsiproxy - ok

23:25:58.0353 5520 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

23:25:58.0400 5520 Ntfs - ok

23:25:58.0431 5520 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

23:25:58.0431 5520 Null - ok

23:25:58.0478 5520 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

23:25:58.0478 5520 nvraid - ok

23:25:58.0509 5520 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

23:25:58.0509 5520 nvstor - ok

23:25:58.0540 5520 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

23:25:58.0540 5520 nv_agp - ok

23:25:58.0587 5520 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

23:25:58.0587 5520 ohci1394 - ok

23:25:58.0665 5520 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:25:58.0681 5520 ose - ok

23:25:58.0883 5520 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:25:59.0039 5520 osppsvc - ok

23:25:59.0086 5520 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

23:25:59.0086 5520 p2pimsvc - ok

23:25:59.0117 5520 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

23:25:59.0133 5520 p2psvc - ok

23:25:59.0164 5520 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys

23:25:59.0195 5520 Parport - ok

23:25:59.0227 5520 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

23:25:59.0227 5520 partmgr - ok

23:25:59.0258 5520 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

23:25:59.0258 5520 PcaSvc - ok

23:25:59.0383 5520 [ ACFF877F5C17B9360919919F10DD6072 ] pcCMService C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

23:25:59.0383 5520 pcCMService - ok

23:25:59.0429 5520 [ 05E746C123B7E6BB61AEFDE166E23FDF ] pcCMService64 C:\Program Files\Common Files\Motive\pcCMService.exe

23:25:59.0429 5520 pcCMService64 - ok

23:25:59.0897 5520 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

23:25:59.0897 5520 PCCUJobMgr - ok

23:25:59.0929 5520 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

23:25:59.0944 5520 pci - ok

23:25:59.0960 5520 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

23:25:59.0960 5520 pciide - ok

23:25:59.0991 5520 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

23:25:59.0991 5520 pcmcia - ok

23:26:00.0022 5520 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

23:26:00.0022 5520 pcw - ok

23:26:00.0053 5520 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

23:26:00.0069 5520 PEAUTH - ok

23:26:00.0178 5520 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

23:26:00.0178 5520 PerfHost - ok

23:26:00.0225 5520 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys

23:26:00.0225 5520 PGEffect - ok

23:26:00.0319 5520 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

23:26:00.0350 5520 pla - ok

23:26:00.0397 5520 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

23:26:00.0412 5520 PlugPlay - ok

23:26:00.0506 5520 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

23:26:00.0537 5520 PMBDeviceInfoProvider - ok

23:26:00.0568 5520 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

23:26:00.0584 5520 PNRPAutoReg - ok

23:26:00.0599 5520 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

23:26:00.0615 5520 PNRPsvc - ok

23:26:00.0662 5520 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

23:26:00.0677 5520 PolicyAgent - ok

23:26:00.0709 5520 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

23:26:00.0724 5520 Power - ok

23:26:00.0771 5520 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

23:26:00.0771 5520 PptpMiniport - ok

23:26:00.0818 5520 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys

23:26:00.0818 5520 Processor - ok

23:26:00.0865 5520 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

23:26:00.0880 5520 ProfSvc - ok

23:26:00.0896 5520 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

23:26:00.0896 5520 ProtectedStorage - ok

23:26:00.0943 5520 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

23:26:00.0958 5520 Psched - ok

23:26:01.0021 5520 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

23:26:01.0052 5520 ql2300 - ok

23:26:01.0099 5520 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

23:26:01.0099 5520 ql40xx - ok

23:26:01.0130 5520 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

23:26:01.0145 5520 QWAVE - ok

23:26:01.0161 5520 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

23:26:01.0161 5520 QWAVEdrv - ok

23:26:01.0177 5520 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

23:26:01.0177 5520 RasAcd - ok

23:26:01.0208 5520 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

23:26:01.0223 5520 RasAgileVpn - ok

23:26:01.0255 5520 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

23:26:01.0270 5520 RasAuto - ok

23:26:01.0317 5520 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

23:26:01.0333 5520 Rasl2tp - ok

23:26:01.0379 5520 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

23:26:01.0395 5520 RasMan - ok

23:26:01.0442 5520 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

23:26:01.0442 5520 RasPppoe - ok

23:26:01.0473 5520 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

23:26:01.0473 5520 RasSstp - ok

23:26:01.0535 5520 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

23:26:01.0535 5520 rdbss - ok

23:26:01.0567 5520 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

23:26:01.0567 5520 rdpbus - ok

23:26:01.0582 5520 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

23:26:01.0582 5520 RDPCDD - ok

23:26:01.0629 5520 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

23:26:01.0629 5520 RDPENCDD - ok

23:26:01.0660 5520 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

23:26:01.0660 5520 RDPREFMP - ok

23:26:01.0723 5520 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

23:26:01.0723 5520 RDPWD - ok

23:26:01.0785 5520 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

23:26:01.0785 5520 rdyboost - ok

23:26:01.0832 5520 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

23:26:01.0832 5520 RemoteAccess - ok

23:26:01.0863 5520 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

23:26:01.0879 5520 RemoteRegistry - ok

23:26:01.0894 5520 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

23:26:01.0894 5520 RpcEptMapper - ok

23:26:01.0925 5520 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

23:26:01.0941 5520 RpcLocator - ok

23:26:01.0988 5520 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

23:26:02.0003 5520 RpcSs - ok

23:26:02.0050 5520 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

23:26:02.0050 5520 rspndr - ok

23:26:02.0113 5520 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

23:26:02.0113 5520 RSUSBSTOR - ok

23:26:02.0128 5520 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

23:26:02.0128 5520 SamSs - ok

23:26:02.0175 5520 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

23:26:02.0175 5520 sbp2port - ok

23:26:02.0206 5520 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

23:26:02.0222 5520 SCardSvr - ok

23:26:02.0269 5520 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

23:26:02.0269 5520 scfilter - ok

23:26:02.0347 5520 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

23:26:02.0362 5520 Schedule - ok

23:26:02.0409 5520 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

23:26:02.0409 5520 SCPolicySvc - ok

23:26:02.0440 5520 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

23:26:02.0440 5520 SDRSVC - ok

23:26:02.0487 5520 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

23:26:02.0487 5520 secdrv - ok

23:26:02.0518 5520 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

23:26:02.0534 5520 seclogon - ok

23:26:02.0565 5520 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

23:26:02.0565 5520 SENS - ok

23:26:02.0581 5520 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

23:26:02.0581 5520 SensrSvc - ok

23:26:02.0612 5520 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys

23:26:02.0612 5520 Serenum - ok

23:26:02.0643 5520 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys

23:26:02.0643 5520 Serial - ok

23:26:02.0705 5520 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

23:26:02.0705 5520 sermouse - ok

23:26:02.0752 5520 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

23:26:02.0768 5520 SessionEnv - ok

23:26:02.0799 5520 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

23:26:02.0799 5520 sffdisk - ok

23:26:02.0815 5520 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

23:26:02.0815 5520 sffp_mmc - ok

23:26:02.0846 5520 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

23:26:02.0846 5520 sffp_sd - ok

23:26:02.0877 5520 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

23:26:02.0877 5520 sfloppy - ok

23:26:02.0908 5520 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

23:26:02.0924 5520 SharedAccess - ok

23:26:02.0971 5520 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

23:26:02.0986 5520 ShellHWDetection - ok

23:26:03.0017 5520 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

23:26:03.0017 5520 SiSRaid2 - ok

23:26:03.0049 5520 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

23:26:03.0049 5520 SiSRaid4 - ok

23:26:03.0080 5520 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

23:26:03.0080 5520 Smb - ok

23:26:03.0142 5520 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

23:26:03.0142 5520 SNMPTRAP - ok

23:26:03.0173 5520 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

23:26:03.0173 5520 spldr - ok

23:26:03.0236 5520 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

23:26:03.0251 5520 Spooler - ok

23:26:03.0392 5520 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

23:26:03.0501 5520 sppsvc - ok

23:26:03.0532 5520 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

23:26:03.0532 5520 sppuinotify - ok

23:26:03.0626 5520 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS

23:26:03.0641 5520 SRTSP - ok

23:26:03.0673 5520 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS

23:26:03.0673 5520 SRTSPX - ok

23:26:03.0735 5520 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

23:26:03.0751 5520 srv - ok

23:26:03.0782 5520 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

23:26:03.0782 5520 srv2 - ok

23:26:03.0829 5520 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

23:26:03.0829 5520 srvnet - ok

23:26:03.0875 5520 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys

23:26:03.0891 5520 ssadbus - ok

23:26:03.0938 5520 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys

23:26:03.0938 5520 ssadmdfl - ok

23:26:03.0969 5520 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys

23:26:03.0969 5520 ssadmdm - ok

23:26:04.0031 5520 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\windows\system32\DRIVERS\sscdbus.sys

23:26:04.0031 5520 sscdbus - ok

23:26:04.0047 5520 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\windows\system32\DRIVERS\sscdmdfl.sys

23:26:04.0047 5520 sscdmdfl - ok

23:26:04.0078 5520 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\windows\system32\DRIVERS\sscdmdm.sys

23:26:04.0078 5520 sscdmdm - ok

23:26:04.0125 5520 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

23:26:04.0141 5520 SSDPSRV - ok

23:26:04.0156 5520 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

23:26:04.0172 5520 SstpSvc - ok

23:26:04.0234 5520 [ 773940B8D50439391FFA619B3EEF01A3 ] StatusAgent4 C:\windows\SysWOW64\SAgent4.exe

23:26:04.0250 5520 StatusAgent4 - ok

23:26:04.0265 5520 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

23:26:04.0281 5520 stexstor - ok

23:26:04.0343 5520 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

23:26:04.0359 5520 stisvc - ok

23:26:04.0390 5520 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys

23:26:04.0390 5520 swenum - ok

23:26:04.0437 5520 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

23:26:04.0453 5520 swprv - ok

23:26:04.0468 5520 sxuptp - ok

23:26:04.0593 5520 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe

23:26:04.0593 5520 Symantec RemoteAssist - ok

23:26:04.0640 5520 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS

23:26:04.0655 5520 SymDS - ok

23:26:04.0733 5520 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS

23:26:04.0749 5520 SymEFA - ok

23:26:04.0780 5520 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS

23:26:04.0796 5520 SymEvent - ok

23:26:04.0843 5520 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS

23:26:04.0843 5520 SymIRON - ok

23:26:04.0889 5520 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS

23:26:04.0889 5520 SymNetS - ok

23:26:04.0936 5520 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

23:26:04.0936 5520 SynTP - ok

23:26:05.0030 5520 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

23:26:05.0061 5520 SysMain - ok

23:26:05.0108 5520 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

23:26:05.0108 5520 TabletInputService - ok

23:26:05.0139 5520 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

23:26:05.0155 5520 TapiSrv - ok

23:26:05.0201 5520 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

23:26:05.0201 5520 TBS - ok

23:26:05.0279 5520 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys

23:26:05.0326 5520 Tcpip - ok

23:26:05.0404 5520 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

23:26:05.0420 5520 TCPIP6 - ok

23:26:05.0467 5520 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

23:26:05.0467 5520 tcpipreg - ok

23:26:05.0513 5520 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

23:26:05.0513 5520 tdcmdpst - ok

23:26:05.0529 5520 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

23:26:05.0529 5520 TDPIPE - ok

23:26:05.0576 5520 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

23:26:05.0576 5520 TDTCP - ok

23:26:05.0607 5520 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

23:26:05.0623 5520 tdx - ok

23:26:05.0654 5520 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys

23:26:05.0654 5520 TermDD - ok

23:26:05.0701 5520 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

23:26:05.0716 5520 TermService - ok

23:26:05.0747 5520 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

23:26:05.0747 5520 Themes - ok

23:26:05.0779 5520 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

23:26:05.0794 5520 THREADORDER - ok

23:26:05.0872 5520 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

23:26:05.0872 5520 TMachInfo - ok

23:26:05.0903 5520 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe

23:26:05.0919 5520 TODDSrv - ok

23:26:06.0013 5520 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

23:26:06.0028 5520 TosCoSrv - ok

23:26:06.0075 5520 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

23:26:06.0091 5520 TOSHIBA HDD SSD Alert Service - ok

23:26:06.0122 5520 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

23:26:06.0122 5520 TrkWks - ok

23:26:06.0184 5520 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

23:26:06.0184 5520 TrustedInstaller - ok

23:26:06.0231 5520 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

23:26:06.0231 5520 tssecsrv - ok

23:26:06.0293 5520 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

23:26:06.0293 5520 TsUsbFlt - ok

23:26:06.0356 5520 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

23:26:06.0356 5520 tunnel - ok

23:26:06.0403 5520 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

23:26:06.0403 5520 TVALZ - ok

23:26:06.0449 5520 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys

23:26:06.0449 5520 uagp35 - ok

23:26:06.0496 5520 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

23:26:06.0496 5520 udfs - ok

23:26:06.0543 5520 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

23:26:06.0559 5520 UI0Detect - ok

23:26:06.0590 5520 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

23:26:06.0605 5520 uliagpkx - ok

23:26:06.0621 5520 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys

23:26:06.0637 5520 umbus - ok

23:26:06.0668 5520 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys

23:26:06.0668 5520 UmPass - ok

23:26:06.0715 5520 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

23:26:06.0730 5520 upnphost - ok

23:26:06.0777 5520 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

23:26:06.0777 5520 usbccgp - ok

23:26:06.0824 5520 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

23:26:06.0824 5520 usbcir - ok

23:26:06.0855 5520 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

23:26:06.0855 5520 usbehci - ok

23:26:06.0886 5520 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

23:26:06.0902 5520 usbhub - ok

23:26:06.0949 5520 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys

23:26:06.0949 5520 usbohci - ok

23:26:06.0980 5520 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

23:26:06.0995 5520 usbprint - ok

23:26:07.0027 5520 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

23:26:07.0027 5520 usbscan - ok

23:26:07.0058 5520 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

23:26:07.0058 5520 USBSTOR - ok

23:26:07.0073 5520 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

23:26:07.0089 5520 usbuhci - ok

23:26:07.0151 5520 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys

23:26:07.0167 5520 usbvideo - ok

23:26:07.0198 5520 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

23:26:07.0198 5520 UxSms - ok

23:26:07.0214 5520 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

23:26:07.0229 5520 VaultSvc - ok

23:26:07.0276 5520 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

23:26:07.0276 5520 vdrvroot - ok

23:26:07.0339 5520 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

23:26:07.0354 5520 vds - ok

23:26:07.0385 5520 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

23:26:07.0385 5520 vga - ok

23:26:07.0401 5520 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

23:26:07.0401 5520 VgaSave - ok

23:26:07.0463 5520 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

23:26:07.0463 5520 vhdmp - ok

23:26:07.0495 5520 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

23:26:07.0495 5520 viaide - ok

23:26:07.0510 5520 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

23:26:07.0510 5520 volmgr - ok

23:26:07.0573 5520 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

23:26:07.0573 5520 volmgrx - ok

23:26:07.0619 5520 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

23:26:07.0635 5520 volsnap - ok

23:26:07.0666 5520 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys

23:26:07.0666 5520 vsmraid - ok

23:26:07.0760 5520 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

23:26:07.0791 5520 VSS - ok

23:26:07.0822 5520 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

23:26:07.0822 5520 vwifibus - ok

23:26:07.0853 5520 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

23:26:07.0853 5520 vwififlt - ok

23:26:07.0900 5520 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

23:26:07.0916 5520 W32Time - ok

23:26:07.0963 5520 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys

23:26:07.0963 5520 WacomPen - ok

23:26:08.0025 5520 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

23:26:08.0025 5520 WANARP - ok

23:26:08.0025 5520 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

23:26:08.0041 5520 Wanarpv6 - ok

23:26:08.0134 5520 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

23:26:08.0165 5520 WatAdminSvc - ok

23:26:08.0259 5520 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

23:26:08.0290 5520 wbengine - ok

23:26:08.0321 5520 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

23:26:08.0337 5520 WbioSrvc - ok

23:26:08.0384 5520 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

23:26:08.0399 5520 wcncsvc - ok

23:26:08.0431 5520 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

23:26:08.0431 5520 WcsPlugInService - ok

23:26:08.0462 5520 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys

23:26:08.0462 5520 Wd - ok

23:26:08.0524 5520 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

23:26:08.0540 5520 Wdf01000 - ok

23:26:08.0571 5520 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

23:26:08.0587 5520 WdiServiceHost - ok

23:26:08.0587 5520 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

23:26:08.0602 5520 WdiSystemHost - ok

23:26:08.0649 5520 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

23:26:08.0649 5520 WebClient - ok

23:26:08.0680 5520 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

23:26:08.0696 5520 Wecsvc - ok

23:26:08.0711 5520 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

23:26:08.0711 5520 wercplsupport - ok

23:26:08.0774 5520 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

23:26:08.0774 5520 WerSvc - ok

23:26:08.0805 5520 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

23:26:08.0805 5520 WfpLwf - ok

23:26:08.0821 5520 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

23:26:08.0821 5520 WIMMount - ok

23:26:08.0852 5520 WinDefend - ok

23:26:08.0867 5520 WinHttpAutoProxySvc - ok

23:26:08.0930 5520 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

23:26:08.0930 5520 Winmgmt - ok


23:26:10.0069 5520 ================ Scan global ===============================

23:26:10.0100 5520 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

23:26:10.0147 5520 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll

23:26:10.0162 5520 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll

23:26:10.0209 5520 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

23:26:10.0240 5520 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

23:26:10.0240 5520 [Global] - ok

23:26:10.0256 5520 ================ Scan MBR ==================================

23:26:10.0271 5520 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

23:26:10.0583 5520 \Device\Harddisk0\DR0 - ok

23:26:10.0583 5520 ================ Scan VBR ==================================

23:26:10.0599 5520 [ E2F96C4322052ACB3E8E486DDD3B8F77 ] \Device\Harddisk0\DR0\Partition1

23:26:10.0599 5520 \Device\Harddisk0\DR0\Partition1 - ok

23:26:10.0599 5520 ============================================================

23:26:10.0599 5520 Scan finished

23:26:10.0599 5520 ============================================================

23:26:10.0630 3688 Detected object count: 0

23:26:10.0630 3688 Actual detected object count: 0

Step 5: RogueKiller

RogueKiller V8.4.1 [Dec 27 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Stoeffler [Admin rights]

Mode : Scan -- Date : 12/27/2012 23:33:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Artisan 830(Network) (C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SCDCA.tmp" /EF "HKCU") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-645547694-1297501120-130025777-1001[...]\Run : Artisan 830(Network) (C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SCDCA.tmp" /EF "HKCU") -> FOUND

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\STOEFF~1\AppData\Local\Temp\IHU2A3F.tmp.exe -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2565GSX ATA Device +++++

--- User ---

[MBR] 51cc899eba79fbdca15608b8dafe61e2

[bSP] f857a2e22280eb00b8488b0844a16fb0 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227762 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469530624 | Size: 9212 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12272012_02d2333.txt >>

RKreport[1]_S_12272012_02d2333.txt


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Step 3

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][sUSP PATH] HKCU\[...]\Run : Artisan 830(Network) (C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SCDCA.tmp" /EF "HKCU")
    [RUN][sUSP PATH] HKUS\S-1-5-21-645547694-1297501120-130025777-1001[...]\Run : Artisan 830(Network) (C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SCDCA.tmp" /EF "HKCU")
    [TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\STOEFF~1\AppData\Local\Temp\IHU2A3F.tmp.exe
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

NEXT:

  • Press Windows-key+R key to get RUN option. Type in
    explorer.exe

    and press Enter-key to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

P.S. When starting a reply, always press the More Reply Options button, and on next page look at the toolbar and IF it is on, then Click 1 time on the "light-switch" icon to turn it OFF and only then put your reply inline.

Otherwise, we will get a "funky" format like in your last reply.

Edited by Maurice Naggar

Step 1 - RKILL

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/29/2012 11:11:01 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\SysWOW64\SAgent4.exe (PID: 2004) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\Stoeffler\Desktop\rkill\rkill-12-29-2012-11-11-09.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 15303 HOSTS entries shown.

Please review HOSTS file for further entries.

Program finished at: 12/29/2012 11:11:25 AM

Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)

Step 2 - AdwCleaner

# AdwCleaner v2.103 - Logfile created 12/29/2012 at 11:16:59

# Updated 25/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Stoeffler - STOEFFLER-LT1

# Boot Mode : Normal

# Running from : C:\Users\Stoeffler\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Branden\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Branden\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Kayla\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Kayla\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Sandy\AppData\Local\Conduit

Folder Deleted : C:\Users\Sandy\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Sandy\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Sandy\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Sandy\AppData\LocalLow\Searchqutoolbar

Folder Deleted : C:\Users\Stoeffler\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Users\Stoeffler\AppData\Roaming\Mozilla\Firefox\Profiles\3qk9v51x.default\prefs.js

[OK] File is clean.

File : C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\5em2ydsq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://www.searchnu.com/406",

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ]

Deleted [l.35] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=418&systemid=406&sr=0&q={searchT[...]

Deleted [l.140] : homepage = "hxxp://www.searchnu.com/406",

Deleted [l.345] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ]

*************************

AdwCleaner[R1].txt - [4002 octets] - [27/12/2012 23:20:11]

AdwCleaner[s1].txt - [3867 octets] - [29/12/2012 11:16:59]

########## EOF - C:\AdwCleaner[s1].txt - [3927 octets] ##########

Step 3 - RogueKiller

RogueKiller V8.4.1 [Dec 27 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Stoeffler [Admin rights]

Mode : Remove -- Date : 12/29/2012 11:30:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Artisan 830(Network) (C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SCDCA.tmp" /EF "HKCU") -> DELETED

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\STOEFF~1\AppData\Local\Temp\IHU2A3F.tmp.exe -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2565GSX ATA Device +++++

--- User ---

[MBR] 51cc899eba79fbdca15608b8dafe61e2

[bSP] f857a2e22280eb00b8488b0844a16fb0 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227762 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469530624 | Size: 9212 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_12292012_02d1130.txt >>

RKreport[1]_S_12272012_02d2333.txt ; RKreport[2]_S_12292012_02d1125.txt ; RKreport[3]_D_12292012_02d1130.txt


Good results. Your system had several adwares & a few search-hijackers.

NEXT

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member ScottS only. If you are a casual viewer, do NOT try this on your system!

If you are not ScottS and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


Here is the combofix log. I'm not sure if it worked correctly since it kept telling me my Norton was still running but I did disable it. Once you have given me the all clear I will begin using the system again. Is there a free AV/FW product out there I should be using that is better than Norton?

ComboFix 12-12-30.01 - Stoeffler 12/30/2012 13:19:18.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2519 [GMT -5:00]

Running from: c:\users\Stoeffler\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Branden\Documents\~WRL0005.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))

.

.

2012-12-28 03:51 . 2012-12-28 03:51 -------- d-----w- c:\program files (x86)\ERUNT

2012-12-28 03:19 . 2012-12-28 03:19 -------- d-----w- c:\users\Stoeffler\AppData\Roaming\Motive

2012-12-28 03:19 . 2012-12-28 03:19 -------- d-----w- c:\program files\Comcast

2012-12-28 03:18 . 2012-12-28 03:19 -------- d-----w- c:\program files (x86)\Comcast

2012-12-28 03:16 . 2012-12-28 03:18 -------- d-----w- c:\program files (x86)\Common Files\Motive

2012-12-28 03:15 . 2012-12-28 03:19 -------- d-----w- c:\program files\Common Files\Motive

2012-12-28 03:15 . 2012-12-28 03:25 -------- d-----w- c:\programdata\Motive

2012-12-27 18:05 . 2012-12-27 18:05 -------- d-----w- c:\users\Branden\AppData\Roaming\LastPass

2012-12-24 03:00 . 2012-12-24 03:00 -------- d-----w- c:\users\Stoeffler\AppData\Roaming\SUPERAntiSpyware.com

2012-12-22 17:45 . 2006-12-20 00:14 131072 ----a-w- c:\windows\SysWow64\SAgent4.exe

2012-12-21 23:54 . 2012-12-21 23:54 -------- d-----w- c:\users\Stoeffler\AppData\Roaming\LastPass

2012-12-21 22:54 . 2012-12-21 22:54 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

2012-12-21 22:54 . 2012-12-21 22:54 -------- d-----w- c:\program files (x86)\LastPass

2012-12-21 22:47 . 2012-12-21 22:47 14690376 ----a-w- c:\users\Guest\AppData\Roaming\lpuninstall.exe

2012-12-21 22:47 . 2012-12-21 22:47 14690376 ----a-w- c:\users\Kayla\AppData\Roaming\lpuninstall.exe

2012-12-21 22:47 . 2012-12-21 22:47 14690376 ----a-w- c:\users\Stoeffler\AppData\Roaming\lpuninstall.exe

2012-12-21 22:47 . 2012-12-21 22:47 14690376 ----a-w- c:\users\Branden\AppData\Roaming\lpuninstall.exe

2012-12-21 13:22 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 13:22 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 13:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 13:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-20 14:51 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 12:30 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 12:30 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 08:05 . 2010-07-03 02:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-12 03:13 . 2012-04-08 06:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 03:13 . 2011-06-30 22:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-18 23:52 . 2012-07-24 14:00 3718144 ----a-w- c:\windows\system32\drivers\athrx.sys

2012-10-16 08:38 . 2012-11-27 20:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 20:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 20:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 09:35 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 09:35 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 09:35 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 09:35 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 12:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 09:35 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 09:35 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 09:35 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 09:35 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 09:35 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 09:35 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 09:35 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 09:35 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 09:35 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 09:35 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 09:35 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

c:\users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

SharePort Utility.lnk - c:\program files\D-Link\SharePort Utility\Connect.exe [N/A]

.

c:\users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\users\Stoeffler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-21 14794312]

Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-21 14794312]

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-02 1255736]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121228.001\IDSvia64.sys [2012-09-06 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-12-10 369152]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-12-10 460288]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 03:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-12-10 2792448]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://my.yahoo.com/

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: LastPass - file://c:\users\Stoeffler\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\users\Stoeffler\AppData\LocalLow\LastPass\context.html?cmd=fillforms

Trusted Zone: lastpass.com

TCP: DhcpNameServer = 192.168.0.1

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://registration.hsesports.org/Reserved.ReportViewerWebControl.axd?ReportSession=33dgeu55ipeih4455qwxin45&ControlID=6374fc3be7b84dcabcab388f03718220&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

FF - ProfilePath - c:\users\Stoeffler\AppData\Roaming\Mozilla\Firefox\Profiles\3qk9v51x.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - ExtSQL: 2012-11-16 03:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2

FF - ExtSQL: 2012-11-20 19:30; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn

FF - ExtSQL: 2012-12-27 22:18; mcciwbch@motive.com; c:\program files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-30 13:33:28

ComboFix-quarantined-files.txt 2012-12-30 18:33

.

Pre-Run: 178,467,852,288 bytes free

Post-Run: 178,236,284,928 bytes free

.

- - End Of File - - 927E45D66CEBA8F636B56002DBF52F42


Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Step 2

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 1: Dr. Web Cureit

I was only given the option to perform the quick scan. I never got an option to run a complete scan in your 3rd bullet. So I couldn't do bullets 3 through 12. The quick scan came back with no findings however.

Step 2: Security Check

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 17

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


About your earlier post.... Yes, Combofix did run ok. It only found 1 temp file to remove, of no great harm.

As to free antivirus, I recommend either of MS Security Essentials or Avira Free.

If switching out from a current Norton to another a-v, you must follow this sequence (since Norton/Symantec tends to leave traces behind after removal):

1. Download, SAVE, and set aside the setup program for the "new" antivirus. For later use/setup.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

2. Download and SAVE the Norton-Symantec Removal tool. Set aside for later use.

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=kb20080710133834EN_EndUserProfile_en_us&product=home&pvid=f-home&version=1&lg=en&ct=us

3. Use Control Panel >> Programs and Features and

locate and Uninstall Norton Security Suite

4. When that is done, Logoff and Restart the system fresh

5. When system is ready, next, Right-click on the norton-symantec-removal-tool and select Run as Administrator.

6. When that is done, Logoff and Restart the system fresh

7. Now Right-click the setup-exe for your new antivirus and select Run as administrator.

Your system has 3 utilities that have old insecure versions. You gotta update them, and in future, keep apace with security updates for them.

Firefox

Start Firefox. Select Help >> About Firefox.

Next click on Check for Updates.

Allow the download and then allow the update and allow restart of Firefox.

Adobe Reader

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
    ( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Now, tell me, how is your system now?


I've updated JAVA, Firefox, Adobe, so I think I'm good there.

I'm thinking about using Comodo Internet Security as my AV. I just thought that one sounded good because of the sandbox and the kiosk. I researched MSE and it sounded like it wasn't a very good product. I strongly considered Avira and Avast as well, but I just thought Comodo offered more. If I'm way off base please let me know.

Thank you for taking the time to help me with the issue I was having. I obviously need to change my web surfing habits to protect myself better.


I'm sure Comodo will do well for you.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Stoeffler\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

DrWeb Cure-It

Adwcleaner.exe

TDSSKILLER.exe

RogueKiller.exe

RKILL

SecurityCheck.exe

Safer practices & malware prevention

We are finished here. Best regards and Happy New Year.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.