
Google Links Redirect and Windows Security Updates Fail to Install


  • This topic is locked
29 replies to this topic

#1 ObsoleteSpoon


Posted 28 March 2012 - 11:05 AM

I've been attempting to work on fixing this problem myself, but so far have been unable to get rid of the issue(s) on my own. I came here following a link on a Google Group forum that talked about Google links redirecting to the wrong sites. The following is a breakdown of what is going on:

My wife and I recently purchased a new laptop with Windows 7 Home Premium (presumably the 64-bit version). We have not had Internet access for it at home, and so have not been able to run updates for the anti-virus and OS straight out of the box. The laptop came with a 30-day trial of Norton preinstalled. It's been connected to the Internet once or twice, while my wife surfed the web at one of our family's houses.

A few weeks after that, we were able to get Internet access within our own home. The first time I noticed something was up was when I tried to run a search in Google and clicked on what appeared to be a legitimate link for a legitimate website in Internet Explorer. The link instead directed the browser to another search engine with links slightly related to my original search topic. At that point I knew something was up.

After doing some research on a different computer, I realized that we've managed to contract malware that I'm not able to get rid of on my own, as it appears to reset after rebooting. I've seen a few other posts with issues similar to mine, and so I believe someone here will be able to help me.

I have updated Norton to the most recent definitions, but in both Safe Mode and normal mode it only finds tracking cookies.

I used Windows Defender in normal mode and it was able to find "Trojan.Agent" with the file name "svchost.exe."

I downloaded and updated Malwarebytes Anti-Malware, and ran it in both modes. The last time I ran it in Safe Mode, it found "Trojan.Agent, File, C:\Windows\svchost.exe" and "Trojan.Agent, Memory Process, C:\Windows\svchost.exe, Other-1824."

Another symptom I did not realize may be related to this same issue is the fact that two Important Windows Updates will not install on my computer: Security Update for Windows 7 for x64-based systems (KB2556532), and Update for Windows 7 for x64-based systems (KB2639308). I kept getting an error, Code FFFFFFFE, which I eventually discovered is an error code related to "malicious software" on a computer.

Since downloading Malwarebytes, notifications have regularly popped up where it says it has blocked this program from sending out information. The most recent gave the IP address as 89.114.9.97, Port 49169. I believe that information changes from time to time, even if the program is the same.

Looking at IE's History, the sites I've been redirected to include: Happili, gypermarket-finds, click.cheapstuff, easycashfind, and easycashsearchers.

Upon attempting to use Google Chrome to conduct a search rather than IE and using the built-in search function for multiple searches, each link came back with a File 404 error.

I hope I haven't given too much information, but I know you request that we be detailed. At this point, I'm unaware of the security of the data being sent via this computer, and so I'm uncertain if I trust using it to surf the web for anything important. The last thing I want is for one or more of my passwords to get compromised and my online accounts get hacked. I should also admit that I've been able to read the information posted in these forums without being a member or logged in, and considering the amount of information posted am a little concerned that malicious users couldn't use this same information to attack the very computers you are helping. I mean that not as a slight, but a potential security concern.

Without further ado, here is a copy of the DDS text log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by christgirl13 at 11:14:31 on 2012-03-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.891 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uDefault_Page_URL = hxxp://start.toshiba.com
mStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{37DB3708-E06B-4E9C-87C7-1BA2D6D429D1} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D87332B8-B543-404E-91DC-4A5E11F0ADFA} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D87332B8-B543-404E-91DC-4A5E11F0ADFA}\D616E64697 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB-X64: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-17 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-25 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-2-22 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-22 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-23 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-22 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-22 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-03-28 15:07:42 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EEC6FD20-BA6D-4A69-9EDA-C781000B27C9}\offreg.dll
2012-03-28 14:21:18 20480 ----a-w- C:\windows\svchost.exe
2012-03-28 12:55:25 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EEC6FD20-BA6D-4A69-9EDA-C781000B27C9}\mpengine.dll
2012-03-26 00:10:04 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\Malwarebytes
2012-03-26 00:09:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-26 00:09:38 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-26 00:09:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-25 20:49:11 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-24 12:59:13 -------- d-----w- C:\Users\christgirl13\AppData\Local\SoftGrid Client
2012-03-24 12:59:06 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\SoftGrid Client
2012-03-24 12:53:29 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-03-24 12:51:54 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\TP
2012-03-23 17:14:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-03-23 13:46:00 286720 ----a-w- C:\windows\iun506.exe
2012-03-23 12:06:54 451192 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-23 12:06:54 405624 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-23 12:06:54 37496 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-23 12:06:54 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-23 12:06:53 738936 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-23 12:06:53 190072 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-23 12:06:53 167048 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-23 12:06:21 -------- d-----w- C:\windows\System32\drivers\NISx64\1306020.00A
2012-03-22 13:43:10 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6D84.tmp
2012-03-22 13:43:10 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6D83.tmp
2012-03-22 11:59:56 -------- d-----w- C:\Program Files (x86)\Learn to Play Bridge 2
2012-03-22 11:58:49 -------- d-----w- C:\Program Files (x86)\Learn to Play Bridge
2012-03-22 02:07:26 -------- d-----w- C:\ProgramData\ATTYToolbar
2012-03-22 02:07:11 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-03-22 01:02:30 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-03-21 21:30:27 38912 ----a-w- C:\windows\System32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-03-21 00:11:01 -------- d-----w- C:\Users\christgirl13\AppData\Local\Diagnostics
2012-03-20 23:58:33 -------- d-----w- C:\windows\SysWow64\Wat
2012-03-20 23:58:33 -------- d-----w- C:\windows\System32\Wat
2012-03-18 21:13:59 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-03-18 21:13:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-03-18 21:13:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-03-18 20:55:07 -------- d-----w- C:\Users\christgirl13\AppData\Local\Kjs.AppLife.Update
2012-03-18 17:58:38 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DB34.tmp
2012-03-18 17:58:38 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DB33.tmp
2012-03-18 16:56:54 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-18 16:55:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-18 16:44:38 77312 ----a-w- C:\windows\System32\packager.dll
2012-03-18 16:44:38 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-03-18 16:40:16 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-18 16:40:16 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-18 16:40:16 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-18 16:39:57 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-18 16:39:57 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-18 16:39:57 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-18 16:39:57 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-17 23:30:08 -------- d-----w- C:\Users\christgirl13\AppData\Local\Wild Tangent
2012-03-17 15:05:13 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\Tific
2012-03-16 12:04:10 -------- d-----w- C:\Users\christgirl13\AppData\Local\Microsoft Games
2012-03-16 11:51:54 -------- d-----w- C:\ProgramData\Toshiba Book Place
2012-03-16 11:51:10 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\Book Place
2012-03-16 11:24:27 -------- d-----w- C:\Users\christgirl13\AppData\Local\Google
2012-03-16 11:23:28 -------- d-----w- C:\Users\christgirl13\AppData\Local\ATI
2012-03-16 11:23:21 -------- d-----w- C:\Users\christgirl13\AppData\Local\TOSHIBA
2012-03-16 11:22:00 -------- d-----w- C:\Users\christgirl13\AppData\Local\VirtualStore
2012-03-16 11:21:22 13 --sha-r- C:\windows\System32\drivers\fbd.sys
.
==================== Find3M ====================
.
2012-03-28 13:14:11 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-23 13:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-22 22:26:10 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-22 21:18:37 0 ----a-w- C:\windows\ativpsrm.bin
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
.
============= FINISH: 11:19:18.57 ===============
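
The file that Malwarebytes and Windows Defender flagged in the post above, C:\Windows\svchost.exe, carries the name of a core Windows binary but sits outside System32, and the DDS log lists it under "Created Last 30". The following is an added example (not part of the original post and not part of DDS) that scans DDS output for that pattern; the binary-name list, the function names and the line marked as constructed are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Assumed list: core Windows binaries that ship only under System32
# (some also have a 32-bit copy under SysWOW64 on 64-bit systems).
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "smss.exe",
    "winlogon.exe", "wininit.exe", "lsm.exe", "spoolsv.exe", "taskhost.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# "Created Last 30" / "Find3M" entry: timestamp, size (dashes for a
# directory), 8-character attribute field, full path.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# "Running Processes" entry: image path, optionally followed by arguments.
PROC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?:\s|$)", re.IGNORECASE)


def is_masquerade(path):
    """True if the file name is a core system binary outside its usual folder."""
    p = PureWindowsPath(path)
    return (p.name.lower() in SYSTEM_BINARIES
            and str(p.parent).lower() not in EXPECTED_DIRS)


def triage(log_text):
    """Return one finding per DDS line that names a misplaced system binary."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            # Directory entries have dashes in the size column; skip them.
            if m["size"].isdigit() and is_masquerade(m["path"]):
                findings.append({"kind": "file", "path": m["path"],
                                 "created": m["ts"], "size": int(m["size"])})
            continue
        m = PROC_RE.match(line)
        if m and is_masquerade(m["path"]):
            findings.append({"kind": "process", "path": m["path"],
                             "created": None, "size": None})
    return findings


# Lines excerpted from the DDS log in the post above.
LOG_EXCERPT = r"""
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
2012-03-28 14:21:18 20480 ----a-w- C:\windows\svchost.exe
2012-03-26 00:09:38 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-26 00:09:40 -------- d-----w- C:\ProgramData\Malwarebytes
"""

# Constructed line (not from the log) to exercise the process branch.
CONSTRUCTED_LINE = r"C:\Users\Public\lsass.exe"

if __name__ == "__main__":
    for finding in triage(LOG_EXCERPT + "\n" + CONSTRUCTED_LINE):
        print(finding)
```

A hit from this check is a lead for review, not a verdict: it only says that a file name and its folder do not match.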


 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team

Posted 31 March 2012 - 04:33 AM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 ObsoleteSpoon


Posted 31 March 2012 - 11:03 AM

Rocker,

Thank you for your response. My wife and I will be going out of town this afternoon and will not be back until tomorrow afternoon. As a result, I will not be able to follow the instructions until either Sunday or Monday afternoon. I appreciate your patience and will do as instructed as soon as possible.

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team

Posted 01 April 2012 - 02:17 AM

Ok, thanks for the heads up :)



#5 ObsoleteSpoon


Posted 02 April 2012 - 09:04 AM

I downloaded and tried to run Combofix last night, and thought I had followed all the proper instructions, but something didn't seem to turn out right. I may not have properly disabled all the anti-malware programs and the firewall. I thought I had. I turned off every option in Norton, not being able to find a way to turn the program off/exit it. I then turned off Malwarebytes by exiting the program after turning off all the protection options I could find. My Windows Firewall settings stated they were being managed by Norton, so I perhaps wrongly assumed that when I turned off the firewall in Norton it turned off any and all firewalls on the computer. I did these after manually disconnecting from the Internet myself, as I forgot Combofix would do that on its own and didn't want to leave my computer exposed to further infection when I turned off all the protection.

Combofix itself seemed to run slowly, but that could have simply been due to low RAM (running Windows 7 64-bit with only 3 Gig) or due to interference with the anti-malware programs. After double clicking on the Combofix icon it seemed to take almost a full minute before the program window showed up and the program began backing up the registry. Once Combofix started scanning, it seemed to hang up on the first four or five stages, run through the rest fairly quickly, and then almost permanently hang up after "Stage 49." I'm not sure how long (with all the current stages) Combofix is supposed to run, but it wasn't finished after three-and-a-half hours. At that point, I had to go to bed as it was midnight. By the time I woke up in the morning (six to seven hours later), the laptop had turned off and when I hit the power button to wake it up/turn it back on, I was given a screen saying Windows had not shut down properly and given the option to boot into Safe Mode. I tried doing that, and Windows' System Recovery (?) attempted to work to no avail. Upon booting the computer one more time in normal mode, I found the Combofix icon missing from the desktop and no sign of a log left behind by the program.

I am considering going back through the process again tonight, ensuring completely that all anti-malware is turned off, the firewalls are all definitely turned off, and that the power saving features of the computer are set so that Windows does not automatically attempt to hibernate or sleep the computer while Combofix is running. I'm not sure if that would have interfered with the program, either. <_< I will not attempt this for another six to nine hours, so if I should do anything different or should avoid re-downloading and re-running Combofix please let me know.

Thank you for your patience.

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team

Posted 02 April 2012 - 01:11 PM

Hi,

Please try to run ComboFix again (disable Norton first). It shouldn't take 6 hours to run. If it gets stuck again for more than 90 minutes then reboot the system manually.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 ObsoleteSpoon

  • Topic Starter

Posted 04 April 2012 - 12:04 PM

Okay, I'm not sure what's going on exactly but Combofix still can't complete a scan and I've tried everything so far that I know how to do.

With full malware protection on, I downloaded Combofix from bleepingcomputer again.

After downloading the program, I disconnected from the Internet/wireless access point.

I right-clicked on the Malwarebytes system tray icon and chose "Exit," presumably closing the program.

I tried following the instructions found elsewhere to disable the real-time protection Norton is providing, only to have Combofix tell me that it found part of Norton still running. I have Norton Internet Security version 19.6.2.10. I right-clicked on the Norton System Tray icon and clicked on "Disable Smart Firewall" and "Disable Antivirus Auto-Protect." Apparently, that was not enough, however, and I had to manually go into the Advanced view and disable all individual options: Insight Protection, Antivirus, Antispyware, SONAR Protection, Smart Firewall, Intrusion Prevention, Email Protection, Identity Safe, Browser Protection, Safe Surfing, and Download Intelligence. I had done that the first time I tried running Combofix and had not gotten a conflict message from the program. I then went into the Settings menu and tried to disable anything else that might interfere with Combofix. Amidst all this, however, I could not find a way to turn Norton off! I even tried to use the instructions for Internet Security 2008, which requires logging on with a Supervisor account, but that just tried taking me to the Internet. I later re-enabled protection and went to Norton's site, but could not easily find any information for how to turn the program off. Based on the information on the site, it appears I have Norton Internet Security 2012, which must have some changes from the 2008 version. :angry:

This second total time, after trying to ensure any real-time protection by Norton was turned off and clicking the OK button on Combofix's conflict message window, Combofix began running. I left it alone for several minutes to go do something else, only to find my laptop had gone into sleep mode while Combofix was running. I had to press the power button and log back in through the password screen to see the Combofix program was still running. After several minutes, but not before it could get through as many processes as it had the very first time I ran it, the computer forced a shutdown via blue screen with message of a memory dump.

When the computer rebooted, it gave me the screen saying that Windows had not shut down properly and gave me the options of booting in Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, or Start Windows Normally. I tried booting in Safe Mode and after ensuring Norton and Malwarebytes were not on, tried running Combofix a third time. Combofix never seemed to start. I'm not sure if it can in Safe Mode, and I've been unable to find any information on the message boards so far. I gave the program about one or two minutes, but I couldn't even find a program or process for it in Task Manager while in Safe Mode.

At that point, I gave up and turned off the computer, restarting it normally. I went through the processes of double-checking that Malwarebytes (which opens on start-up) and Norton were properly turned off to the best of my knowledge, and this time turned off the power-saving timer on my laptop so that the computer would not go into Sleep Mode while Combofix is running. This time, with the Internet connection open in case Combofix needed it for some reason (and seeing in the instructions provided that it would automatically disconnect when needed) I let it run again for a fourth time.

Again, the laptop forced a reboot partway through the scan.

By now, Combofix cannot seem to complete a scan of my computer without the machine forcing a reboot (via bluescreen) no matter what options I have: with the wireless connection on or off, with the Power Saver features on or off, in Safe Mode or not.

I'm not sure at this point if I'm not being patient and understanding this may take multiple reboots and scans, if Norton isn't really turned off like it needs to be (as I've turned off everything but the program itself and can't find a way to do that), or if the malware is preventing Combofix from completing the scans necessary.

The one difference I can think of between this time and the last time is that before turning off all the protections and running Combofix, Malwarebytes and Norton both had updates. I don't see how that could have affected it if the programs are off, but if it has I'd love to know how to make this work. I'm presuming you need the Combofix log to understand what's going on, but if you can't get the log because Combofix can't finish, what should I do?

Forgive me if I'm being impatient with the software or not properly following instructions. As it stands with Norton, it almost looks like the company isn't giving you the option of turning their software off! <_<

Unless I get different instructions from you, I will keep trying to run Combofix to completion. If I do, I will post the log and a new DDS log when I get it. Thank you for your help.

#8 Blade81

  • Malware Response Team

Posted 04 April 2012 - 12:45 PM

Hi,

Let's try something else.

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)


#9 ObsoleteSpoon

  • Topic Starter

Posted 04 April 2012 - 01:17 PM

I tried running Combofix one more time and this time it finally finished, complete with log. I did not see your reply until afterward. I will go ahead and post the new logs. As it stands, I had to reboot the machine to use DDS. After all that, Malwarebytes is still giving notices that it is blocking a program from outgoing from the computer.

Here's the Combofix Log:

ComboFix 12-04-04.02 - christgirl13 04/04/2012 13:12:24.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1627 [GMT -4:00]
Running from: c:\users\christgirl13\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 17:27 . 2012-04-04 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 14:18 . 2012-04-04 14:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CA00023-6617-4405-BC4E-97F9205A6F12}\offreg.dll
2012-04-04 14:06 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CA00023-6617-4405-BC4E-97F9205A6F12}\mpengine.dll
2012-03-26 00:09 . 2012-03-26 00:09 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 00:09 . 2012-03-26 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 00:09 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 12:53 . 2012-03-26 00:08 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-23 17:14 . 2012-03-25 23:51 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-23 13:46 . 2012-03-23 13:48 286720 ----a-w- c:\windows\iun506.exe
2012-03-23 12:06 . 2012-03-28 13:24 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-22 13:43 . 2012-03-22 13:43 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D84.tmp
2012-03-22 13:43 . 2012-03-22 13:43 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D83.tmp
2012-03-22 11:59 . 2012-03-26 00:08 -------- d-----w- c:\program files (x86)\Learn to Play Bridge 2
2012-03-22 11:58 . 2012-03-26 00:08 -------- d-----w- c:\program files (x86)\Learn to Play Bridge
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\programdata\Yahoo!
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\programdata\ATTYToolbar
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\program files (x86)\Yahoo!
2012-03-22 01:02 . 2012-03-22 01:02 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-03-21 21:30 . 2009-07-14 01:40 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-03-21 13:51 . 2012-03-22 01:13 -------- d-----w- c:\users\Preachaman
2012-03-20 23:58 . 2012-03-20 23:58 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-20 23:58 . 2012-03-20 23:58 -------- d-----w- c:\windows\system32\Wat
2012-03-18 21:13 . 2011-12-14 07:04 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-18 21:13 . 2011-12-14 07:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-03-18 21:13 . 2011-12-14 02:59 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-03-18 21:00 . 2012-03-18 21:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-18 17:58 . 2012-03-18 17:58 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\DB34.tmp
2012-03-18 17:58 . 2012-03-18 17:58 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\DB33.tmp
2012-03-18 16:56 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-18 16:55 . 2011-07-16 05:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-18 16:44 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-18 16:44 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-18 16:40 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 16:40 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 16:40 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 16:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 16:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 16:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 16:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-16 11:51 . 2012-03-16 11:51 -------- d-----w- c:\programdata\Toshiba Book Place
2012-03-16 11:21 . 2012-03-16 11:21 13 --sha-r- c:\windows\system32\drivers\fbd.sys
2012-03-16 11:20 . 2012-04-02 15:07 -------- d-----w- c:\users\christgirl13
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 13:14 . 2012-02-22 22:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-18 18:02 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 22:26 . 2011-07-22 01:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-17 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120403.002\IDSvia64.sys [2012-03-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-23 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 22:17]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 22:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-06 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-04 13:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 17:42
.
Pre-Run: 259,050,409,984 bytes free
Post-Run: 259,862,343,680 bytes free
.
- - End Of File - - B17EBC1B76A825519BBA8B0DEE0C373C


And here's the new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by christgirl13 at 13:52:08 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1668 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


If you need me to do anything else, let me know.

#10 Blade81


Posted 04 April 2012 - 02:02 PM

Good. Let's take TDSSKiller steps too.



#11 ObsoleteSpoon


Posted 05 April 2012 - 06:03 PM

Completed TDSSKiller and it found one object. Here is a copy of the log:

18:56:24.0202 6028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
18:56:24.0212 6028 hidserv - ok
18:56:24.0362 6028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:56:24.0362 6028 HidUsb - ok
18:56:24.0452 6028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
18:56:24.0462 6028 hkmsvc - ok
18:56:24.0482 6028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
18:56:24.0492 6028 HomeGroupListener - ok
18:56:24.0592 6028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
18:56:24.0602 6028 HomeGroupProvider - ok
18:56:24.0732 6028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:56:24.0732 6028 HpSAMD - ok
18:56:24.0882 6028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:56:24.0892 6028 HTTP - ok
18:56:25.0052 6028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:56:25.0052 6028 hwpolicy - ok
18:56:25.0222 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:56:25.0222 6028 i8042prt - ok
18:56:25.0372 6028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:56:25.0372 6028 iaStorV - ok
18:56:25.0482 6028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:56:25.0502 6028 idsvc - ok
18:56:25.0752 6028 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120404.002\IDSvia64.sys
18:56:25.0762 6028 IDSVia64 - ok
18:56:25.0922 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:56:25.0922 6028 iirsp - ok
18:56:26.0032 6028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
18:56:26.0062 6028 IKEEXT - ok
18:56:26.0162 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:56:26.0172 6028 intelide - ok
18:56:26.0302 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
18:56:26.0302 6028 intelppm - ok
18:56:26.0402 6028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:56:26.0412 6028 IPBusEnum - ok
18:56:26.0472 6028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:56:26.0472 6028 IpFilterDriver - ok
18:56:26.0582 6028 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
18:56:26.0592 6028 iphlpsvc - ok
18:56:26.0702 6028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:56:26.0712 6028 IPMIDRV - ok
18:56:26.0822 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:56:26.0822 6028 IPNAT - ok
18:56:27.0032 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:56:27.0042 6028 IRENUM - ok
18:56:27.0282 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:56:27.0282 6028 isapnp - ok
18:56:27.0422 6028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:56:27.0432 6028 iScsiPrt - ok
18:56:27.0662 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:56:27.0662 6028 kbdclass - ok
18:56:27.0852 6028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
18:56:27.0852 6028 kbdhid - ok
18:56:27.0952 6028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:56:27.0952 6028 KeyIso - ok
18:56:28.0002 6028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:56:28.0012 6028 KSecDD - ok
18:56:28.0092 6028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:56:28.0102 6028 KSecPkg - ok
18:56:28.0252 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:56:28.0252 6028 ksthunk - ok
18:56:28.0342 6028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:56:28.0352 6028 KtmRm - ok
18:56:28.0452 6028 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
18:56:28.0452 6028 L1C - ok
18:56:28.0622 6028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
18:56:28.0622 6028 LanmanServer - ok
18:56:28.0772 6028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:56:28.0782 6028 LanmanWorkstation - ok
18:56:28.0922 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:56:28.0922 6028 lltdio - ok
18:56:29.0042 6028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:56:29.0052 6028 lltdsvc - ok
18:56:29.0062 6028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:56:29.0062 6028 lmhosts - ok
18:56:29.0212 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:56:29.0222 6028 LSI_FC - ok
18:56:29.0352 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:56:29.0362 6028 LSI_SAS - ok
18:56:29.0492 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:56:29.0492 6028 LSI_SAS2 - ok
18:56:29.0682 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:56:29.0692 6028 LSI_SCSI - ok
18:56:29.0802 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:56:29.0802 6028 luafv - ok
18:56:29.0942 6028 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
18:56:29.0942 6028 MBAMProtector - ok
18:56:30.0062 6028 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:56:30.0072 6028 MBAMService - ok
18:56:30.0172 6028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:56:30.0172 6028 Mcx2Svc - ok
18:56:30.0222 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:56:30.0232 6028 megasas - ok
18:56:30.0342 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:56:30.0352 6028 MegaSR - ok
18:56:30.0452 6028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:56:30.0462 6028 MMCSS - ok
18:56:30.0522 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:56:30.0522 6028 Modem - ok
18:56:30.0652 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:56:30.0652 6028 monitor - ok
18:56:30.0892 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:56:30.0892 6028 mouclass - ok
18:56:31.0032 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:56:31.0032 6028 mouhid - ok
18:56:31.0052 6028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:56:31.0052 6028 mountmgr - ok
18:56:31.0162 6028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:56:31.0172 6028 mpio - ok
18:56:31.0282 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:56:31.0292 6028 mpsdrv - ok
18:56:31.0392 6028 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:56:31.0412 6028 MpsSvc - ok
18:56:31.0522 6028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:56:31.0532 6028 MRxDAV - ok
18:56:31.0652 6028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:56:31.0652 6028 mrxsmb - ok
18:56:31.0762 6028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:56:31.0772 6028 mrxsmb10 - ok
18:56:31.0842 6028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:56:31.0842 6028 mrxsmb20 - ok
18:56:31.0952 6028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:56:31.0952 6028 msahci - ok
18:56:32.0062 6028 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:56:32.0062 6028 msdsm - ok
18:56:32.0152 6028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:56:32.0152 6028 MSDTC - ok
18:56:32.0302 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:56:32.0302 6028 Msfs - ok
18:56:32.0432 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:56:32.0442 6028 mshidkmdf - ok
18:56:32.0542 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:56:32.0552 6028 msisadrv - ok
18:56:32.0662 6028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:56:32.0672 6028 MSiSCSI - ok
18:56:32.0682 6028 msiserver - ok
18:56:32.0822 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:56:32.0822 6028 MSKSSRV - ok
18:56:32.0942 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:56:32.0942 6028 MSPCLOCK - ok
18:56:33.0132 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:56:33.0132 6028 MSPQM - ok
18:56:33.0242 6028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:56:33.0252 6028 MsRPC - ok
18:56:33.0372 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:56:33.0372 6028 mssmbios - ok
18:56:33.0512 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:56:33.0512 6028 MSTEE - ok
18:56:33.0642 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:56:33.0642 6028 MTConfig - ok
18:56:33.0782 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:56:33.0782 6028 Mup - ok
18:56:33.0842 6028 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:56:33.0852 6028 napagent - ok
18:56:34.0012 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:56:34.0022 6028 NativeWifiP - ok
18:56:34.0192 6028 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120405.002\ENG64.SYS
18:56:34.0192 6028 NAVENG - ok
18:56:34.0412 6028 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120405.002\EX64.SYS
18:56:34.0442 6028 NAVEX15 - ok
18:56:34.0602 6028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:56:34.0612 6028 NDIS - ok
18:56:34.0742 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:56:34.0752 6028 NdisCap - ok
18:56:34.0882 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:56:34.0882 6028 NdisTapi - ok
18:56:35.0022 6028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:56:35.0032 6028 Ndisuio - ok
18:56:35.0142 6028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:56:35.0152 6028 NdisWan - ok
18:56:35.0242 6028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:56:35.0242 6028 NDProxy - ok
18:56:35.0402 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:56:35.0402 6028 NetBIOS - ok
18:56:35.0432 6028 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:56:35.0442 6028 NetBT - ok
18:56:35.0472 6028 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:56:35.0482 6028 Netlogon - ok
18:56:35.0612 6028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:56:35.0622 6028 Netman - ok
18:56:35.0912 6028 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:56:35.0922 6028 NetMsmqActivator - ok
18:56:35.0942 6028 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:56:35.0952 6028 NetPipeActivator - ok
18:56:36.0042 6028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:56:36.0062 6028 netprofm - ok
18:56:36.0192 6028 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:56:36.0192 6028 NetTcpActivator - ok
18:56:36.0202 6028 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:56:36.0212 6028 NetTcpPortSharing - ok
18:56:36.0372 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:56:36.0382 6028 nfrd960 - ok
18:56:36.0642 6028 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
18:56:36.0652 6028 NIS - ok
18:56:36.0782 6028 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
18:56:36.0792 6028 NlaSvc - ok
18:56:36.0902 6028 Norton PC Checkup Application Launcher - ok
18:56:37.0052 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:56:37.0052 6028 Npfs - ok
18:56:37.0152 6028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:56:37.0152 6028 nsi - ok
18:56:37.0222 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:56:37.0222 6028 nsiproxy - ok
18:56:37.0402 6028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:56:37.0432 6028 Ntfs - ok
18:56:37.0562 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:56:37.0562 6028 Null - ok
18:56:37.0712 6028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:56:37.0722 6028 nvraid - ok
18:56:37.0872 6028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:56:37.0882 6028 nvstor - ok
18:56:38.0002 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:56:38.0012 6028 nv_agp - ok
18:56:38.0122 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:56:38.0132 6028 ohci1394 - ok
18:56:38.0312 6028 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:56:38.0312 6028 ose - ok
18:56:38.0872 6028 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:56:39.0022 6028 osppsvc - ok
18:56:39.0172 6028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:56:39.0182 6028 p2pimsvc - ok
18:56:39.0402 6028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:56:39.0412 6028 p2psvc - ok
18:56:39.0632 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:56:39.0632 6028 Parport - ok
18:56:39.0812 6028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:56:39.0842 6028 partmgr - ok
18:56:39.0992 6028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:56:40.0002 6028 PcaSvc - ok
18:56:40.0142 6028 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
18:56:40.0142 6028 PCCUJobMgr - ok
18:56:40.0222 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:56:40.0232 6028 pci - ok
18:56:40.0252 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:56:40.0262 6028 pciide - ok
18:56:40.0342 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:56:40.0352 6028 pcmcia - ok
18:56:40.0392 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:56:40.0392 6028 pcw - ok
18:56:40.0522 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:56:40.0542 6028 PEAUTH - ok
18:56:40.0712 6028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:56:40.0712 6028 PerfHost - ok
18:56:40.0932 6028 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
18:56:40.0942 6028 PGEffect - ok
18:56:41.0052 6028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
18:56:41.0082 6028 pla - ok
18:56:41.0302 6028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
18:56:41.0312 6028 PlugPlay - ok
18:56:41.0432 6028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:56:41.0432 6028 PNRPAutoReg - ok
18:56:41.0452 6028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:56:41.0462 6028 PNRPsvc - ok
18:56:41.0602 6028 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\windows\system32\DRIVERS\point64.sys
18:56:41.0602 6028 Point64 - ok
18:56:41.0882 6028 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
18:56:41.0892 6028 PolicyAgent - ok
18:56:42.0092 6028 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:56:42.0102 6028 Power - ok
18:56:42.0232 6028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:56:42.0242 6028 PptpMiniport - ok
18:56:42.0312 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:56:42.0322 6028 Processor - ok
18:56:42.0442 6028 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
18:56:42.0452 6028 ProfSvc - ok
18:56:42.0512 6028 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:56:42.0512 6028 ProtectedStorage - ok
18:56:42.0662 6028 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:56:42.0662 6028 Psched - ok
18:56:42.0802 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:56:42.0832 6028 ql2300 - ok
18:56:42.0922 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:56:42.0932 6028 ql40xx - ok
18:56:42.0972 6028 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:56:42.0982 6028 QWAVE - ok
18:56:43.0082 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:56:43.0082 6028 QWAVEdrv - ok
18:56:43.0182 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:56:43.0182 6028 RasAcd - ok
18:56:43.0312 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:56:43.0312 6028 RasAgileVpn - ok
18:56:43.0412 6028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:56:43.0422 6028 RasAuto - ok
18:56:43.0562 6028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:56:43.0572 6028 Rasl2tp - ok
18:56:43.0622 6028 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
18:56:43.0632 6028 RasMan - ok
18:56:43.0762 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:56:43.0772 6028 RasPppoe - ok
18:56:43.0812 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:56:43.0822 6028 RasSstp - ok
18:56:43.0922 6028 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:56:43.0932 6028 rdbss - ok
18:56:44.0012 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:56:44.0022 6028 rdpbus - ok
18:56:44.0032 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:56:44.0032 6028 RDPCDD - ok
18:56:44.0122 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:56:44.0122 6028 RDPENCDD - ok
18:56:44.0192 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:56:44.0192 6028 RDPREFMP - ok
18:56:44.0252 6028 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
18:56:44.0252 6028 RDPWD - ok
18:56:44.0352 6028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:56:44.0362 6028 rdyboost - ok
18:56:44.0442 6028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:56:44.0442 6028 RemoteAccess - ok
18:56:44.0512 6028 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:56:44.0512 6028 RemoteRegistry - ok
18:56:44.0642 6028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:56:44.0652 6028 RpcEptMapper - ok
18:56:44.0692 6028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:56:44.0702 6028 RpcLocator - ok
18:56:44.0792 6028 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:56:44.0812 6028 RpcSs - ok
18:56:44.0932 6028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:56:44.0932 6028 rspndr - ok
18:56:45.0072 6028 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
18:56:45.0082 6028 RSUSBSTOR - ok
18:56:45.0242 6028 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:56:45.0262 6028 RTL8192Ce - ok
18:56:45.0382 6028 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:56:45.0392 6028 SamSs - ok
18:56:45.0742 6028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:56:45.0752 6028 sbp2port - ok
18:56:45.0962 6028 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:56:45.0972 6028 SCardSvr - ok
18:56:46.0242 6028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:56:46.0242 6028 scfilter - ok
18:56:46.0382 6028 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
18:56:46.0402 6028 Schedule - ok
18:56:46.0522 6028 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:56:46.0522 6028 SCPolicySvc - ok
18:56:46.0612 6028 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
18:56:46.0622 6028 SDRSVC - ok
18:56:46.0772 6028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:56:46.0782 6028 secdrv - ok
18:56:46.0862 6028 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
18:56:46.0862 6028 seclogon - ok
18:56:46.0912 6028 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
18:56:46.0912 6028 SENS - ok
18:56:46.0982 6028 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:56:46.0982 6028 SensrSvc - ok
18:56:47.0072 6028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:56:47.0082 6028 Serenum - ok
18:56:47.0162 6028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:56:47.0172 6028 Serial - ok
18:56:47.0362 6028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:56:47.0362 6028 sermouse - ok
18:56:47.0432 6028 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
18:56:47.0432 6028 SessionEnv - ok
18:56:47.0662 6028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:56:47.0662 6028 sffdisk - ok
18:56:47.0822 6028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:56:47.0832 6028 sffp_mmc - ok
18:56:48.0042 6028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:56:48.0062 6028 sffp_sd - ok
18:56:48.0222 6028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:56:48.0242 6028 sfloppy - ok
18:56:48.0562 6028 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\windows\system32\DRIVERS\Sftfslh.sys
18:56:48.0572 6028 Sftfs - ok
18:56:48.0742 6028 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:56:48.0752 6028 sftlist - ok
18:56:48.0992 6028 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\windows\system32\DRIVERS\Sftplaylh.sys
18:56:49.0002 6028 Sftplay - ok
18:56:49.0122 6028 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\windows\system32\DRIVERS\Sftredirlh.sys
18:56:49.0132 6028 Sftredir - ok
18:56:49.0252 6028 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\windows\system32\DRIVERS\Sftvollh.sys
18:56:49.0252 6028 Sftvol - ok
18:56:49.0552 6028 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:56:49.0562 6028 sftvsa - ok
18:56:50.0072 6028 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
18:56:50.0082 6028 SharedAccess - ok
18:56:50.0342 6028 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
18:56:50.0352 6028 ShellHWDetection - ok
18:56:50.0872 6028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:56:50.0962 6028 SiSRaid2 - ok
18:56:51.0222 6028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:56:51.0242 6028 SiSRaid4 - ok
18:56:51.0602 6028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:56:51.0632 6028 Smb - ok
18:56:51.0962 6028 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:56:51.0972 6028 SNMPTRAP - ok
18:56:52.0222 6028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:56:52.0232 6028 spldr - ok
18:56:52.0422 6028 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
18:56:52.0442 6028 Spooler - ok
18:56:52.0662 6028 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
18:56:52.0732 6028 sppsvc - ok
18:56:53.0092 6028 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:56:53.0102 6028 sppuinotify - ok
18:56:53.0622 6028 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
18:56:53.0682 6028 SRTSP - ok
18:56:53.0982 6028 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
18:56:53.0982 6028 SRTSPX - ok
18:56:54.0162 6028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:56:54.0172 6028 srv - ok
18:56:54.0362 6028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:56:54.0372 6028 srv2 - ok
18:56:54.0552 6028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:56:54.0552 6028 srvnet - ok
18:56:54.0832 6028 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:56:54.0842 6028 SSDPSRV - ok
18:56:54.0942 6028 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
18:56:54.0952 6028 SstpSvc - ok
18:56:54.0992 6028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:56:54.0992 6028 stexstor - ok
18:56:55.0132 6028 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
18:56:55.0152 6028 stisvc - ok
18:56:55.0252 6028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:56:55.0252 6028 swenum - ok
18:56:55.0432 6028 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
18:56:55.0442 6028 swprv - ok
18:56:55.0692 6028 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
18:56:55.0702 6028 SymDS - ok
18:56:55.0942 6028 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
18:57:11.0022 6028 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
18:57:11.0082 6028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:57:11.0082 6028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:57:11.0102 6028 Boot (0x1200) (d35c9208c5e13d2aff2de93101550b67) \Device\Harddisk0\DR0\Partition0
18:57:11.0102 6028 \Device\Harddisk0\DR0\Partition0 - ok
18:57:11.0102 6028 ============================================================
18:57:11.0102 6028 Scan finished
18:57:11.0102 6028 ============================================================
18:57:11.0142 5540 Detected object count: 1
18:57:11.0142 5540 Actual detected object count: 1
18:58:59.0057 5540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
18:58:59.0057 5540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
19:00:18.0167 6064 Deinitialize success

#12 Blade81

  • Malware Response Team

Posted 06 April 2012 - 04:44 AM

Hi,

Run TDSSKiller again and let it cure the finding. Reboot and post a fresh TDSSKiller log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#13 ObsoleteSpoon

  • Topic Starter

Posted 06 April 2012 - 05:14 PM

Done and Done.

17:58:03.0964 0804 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
17:58:05.0742 0804 ============================================================
17:58:05.0742 0804 Current date / time: 2012/04/06 17:58:05.0742
17:58:05.0742 0804 SystemInfo:
17:58:05.0742 0804
17:58:05.0742 0804 OS Version: 6.1.7601 ServicePack: 1.0
17:58:05.0742 0804 Product type: Workstation
17:58:05.0742 0804 ComputerName: CHRISTGIRL13-PC
17:58:05.0742 0804 UserName: christgirl13
17:58:05.0742 0804 Windows directory: C:\windows
17:58:05.0742 0804 System windows directory: C:\windows
17:58:05.0742 0804 Running under WOW64
17:58:05.0742 0804 Processor architecture: Intel x64
17:58:05.0742 0804 Number of processors: 2
17:58:05.0742 0804 Page size: 0x1000
17:58:05.0742 0804 Boot type: Normal boot
17:58:05.0742 0804 ============================================================
17:58:09.0081 0804 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:58:09.0096 0804 \Device\Harddisk0\DR0:
17:58:09.0096 0804 MBR used
17:58:09.0096 0804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
17:58:09.0143 0804 Initialize success
17:58:09.0143 0804 ============================================================
17:59:32.0946 6108 ============================================================
17:59:32.0946 6108 Scan started
17:59:32.0946 6108 Mode: Manual;
17:59:32.0946 6108 ============================================================
18:01:18.0997 6108 iphlpsvc - ok
18:01:19.0277 6108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:01:19.0287 6108 IPMIDRV - ok
18:01:19.0697 6108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:01:19.0717 6108 IPNAT - ok
18:01:20.0307 6108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:01:20.0377 6108 IRENUM - ok
18:01:20.0777 6108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:01:20.0797 6108 isapnp - ok
18:01:21.0257 6108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:01:21.0287 6108 iScsiPrt - ok
18:01:21.0937 6108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:01:21.0937 6108 kbdclass - ok
18:01:22.0427 6108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
18:01:22.0437 6108 kbdhid - ok
18:01:22.0827 6108 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:01:22.0827 6108 KeyIso - ok
18:01:23.0107 6108 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:01:23.0117 6108 KSecDD - ok
18:01:23.0437 6108 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:01:23.0437 6108 KSecPkg - ok
18:01:24.0097 6108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:01:24.0097 6108 ksthunk - ok
18:01:24.0427 6108 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:01:24.0457 6108 KtmRm - ok
18:01:24.0947 6108 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
18:01:24.0957 6108 L1C - ok
18:01:25.0467 6108 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
18:01:25.0507 6108 LanmanServer - ok
18:01:25.0997 6108 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:01:26.0007 6108 LanmanWorkstation - ok
18:01:26.0427 6108 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:01:26.0427 6108 lltdio - ok
18:01:26.0817 6108 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:01:26.0827 6108 lltdsvc - ok
18:01:27.0217 6108 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:01:27.0217 6108 lmhosts - ok
18:01:27.0787 6108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:01:27.0797 6108 LSI_FC - ok
18:01:28.0203 6108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:01:28.0219 6108 LSI_SAS - ok
18:01:28.0656 6108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:01:28.0718 6108 LSI_SAS2 - ok
18:01:29.0108 6108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:01:29.0108 6108 LSI_SCSI - ok
18:01:29.0498 6108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:01:29.0529 6108 luafv - ok
18:01:30.0232 6108 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
18:01:30.0232 6108 MBAMProtector - ok
18:01:30.0532 6108 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:01:30.0632 6108 MBAMService - ok
18:01:31.0292 6108 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:01:31.0352 6108 Mcx2Svc - ok
18:01:31.0932 6108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:01:31.0932 6108 megasas - ok
18:01:32.0459 6108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:01:32.0474 6108 MegaSR - ok
18:01:32.0693 6108 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:01:32.0708 6108 MMCSS - ok
18:01:32.0942 6108 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:01:32.0942 6108 Modem - ok
18:01:33.0332 6108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:01:33.0348 6108 monitor - ok
18:01:33.0956 6108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:01:33.0956 6108 mouclass - ok
18:01:34.0362 6108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:01:34.0362 6108 mouhid - ok
18:01:34.0845 6108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:01:34.0845 6108 mountmgr - ok
18:01:35.0329 6108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:01:35.0329 6108 mpio - ok
18:01:35.0781 6108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:01:35.0781 6108 mpsdrv - ok
18:01:36.0031 6108 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:01:36.0047 6108 MpsSvc - ok
18:01:36.0327 6108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:01:36.0327 6108 MRxDAV - ok
18:01:36.0910 6108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:01:36.0915 6108 mrxsmb - ok
18:01:37.0438 6108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:01:37.0501 6108 mrxsmb10 - ok
18:01:38.0200 6108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:01:38.0226 6108 mrxsmb20 - ok
18:01:38.0599 6108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:01:38.0602 6108 msahci - ok
18:01:39.0070 6108 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:01:39.0075 6108 msdsm - ok
18:01:39.0439 6108 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:01:39.0449 6108 MSDTC - ok
18:01:39.0917 6108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:01:39.0921 6108 Msfs - ok
18:01:40.0150 6108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:01:40.0302 6108 mshidkmdf - ok
18:01:40.0851 6108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:01:40.0853 6108 msisadrv - ok
18:01:41.0148 6108 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:01:41.0220 6108 MSiSCSI - ok
18:01:41.0415 6108 msiserver - ok
18:01:41.0733 6108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:01:41.0799 6108 MSKSSRV - ok
18:01:42.0302 6108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:01:42.0306 6108 MSPCLOCK - ok
18:01:42.0668 6108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:01:42.0674 6108 MSPQM - ok
18:01:43.0070 6108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:01:43.0079 6108 MsRPC - ok
18:01:43.0367 6108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:01:43.0370 6108 mssmbios - ok
18:01:43.0745 6108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:01:43.0748 6108 MSTEE - ok
18:01:43.0954 6108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:01:43.0958 6108 MTConfig - ok
18:01:44.0271 6108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:01:44.0274 6108 Mup - ok
18:01:44.0435 6108 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:01:44.0449 6108 napagent - ok
18:01:44.0795 6108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:01:44.0805 6108 NativeWifiP - ok
18:01:45.0149 6108 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120405.002\ENG64.SYS
18:01:45.0161 6108 NAVENG - ok
18:01:45.0773 6108 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120405.002\EX64.SYS
18:01:45.0788 6108 NAVEX15 - ok
18:01:46.0038 6108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:01:46.0054 6108 NDIS - ok
18:01:46.0334 6108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:01:46.0334 6108 NdisCap - ok
18:01:46.0662 6108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:01:46.0662 6108 NdisTapi - ok
18:01:46.0896 6108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:01:46.0896 6108 Ndisuio - ok
18:01:47.0114 6108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:01:47.0114 6108 NdisWan - ok
18:01:47.0411 6108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:01:47.0411 6108 NDProxy - ok
18:01:47.0816 6108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:01:47.0816 6108 NetBIOS - ok
18:01:48.0066 6108 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:01:48.0082 6108 NetBT - ok
18:01:48.0269 6108 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:01:48.0269 6108 Netlogon - ok
18:01:48.0565 6108 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:01:48.0565 6108 Netman - ok
18:01:48.0893 6108 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:48.0908 6108 NetMsmqActivator - ok
18:01:48.0924 6108 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:48.0940 6108 NetPipeActivator - ok
18:01:49.0158 6108 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:01:49.0158 6108 netprofm - ok
18:01:49.0642 6108 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:49.0642 6108 NetTcpActivator - ok
18:01:49.0673 6108 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:49.0673 6108 NetTcpPortSharing - ok
18:01:50.0125 6108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:01:50.0172 6108 nfrd960 - ok
18:01:51.0061 6108 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
18:01:51.0092 6108 NIS - ok
18:01:51.0442 6108 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
18:01:51.0452 6108 NlaSvc - ok
18:01:51.0772 6108 Norton PC Checkup Application Launcher - ok
18:01:52.0342 6108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:01:52.0352 6108 Npfs - ok
18:01:52.0652 6108 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:01:52.0662 6108 nsi - ok
18:01:53.0102 6108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:01:53.0112 6108 nsiproxy - ok
18:01:53.0872 6108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:01:53.0942 6108 Ntfs - ok
18:01:54.0452 6108 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:01:54.0462 6108 Null - ok
18:01:54.0942 6108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:01:54.0952 6108 nvraid - ok
18:01:55.0382 6108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:01:55.0522 6108 nvstor - ok
18:01:56.0222 6108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:01:56.0232 6108 nv_agp - ok
18:01:56.0912 6108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:01:57.0002 6108 ohci1394 - ok
18:01:57.0522 6108 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:57.0562 6108 ose - ok
18:01:58.0782 6108 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:01:59.0082 6108 osppsvc - ok
18:01:59.0462 6108 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:01:59.0512 6108 p2pimsvc - ok
18:01:59.0792 6108 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:01:59.0802 6108 p2psvc - ok
18:02:00.0132 6108 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:02:00.0132 6108 Parport - ok
18:02:00.0412 6108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:02:00.0452 6108 partmgr - ok
18:02:00.0792 6108 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:02:00.0802 6108 PcaSvc - ok
18:02:01.0192 6108 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
18:02:01.0192 6108 PCCUJobMgr - ok
18:02:01.0392 6108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:02:01.0402 6108 pci - ok
18:02:02.0042 6108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:02:02.0042 6108 pciide - ok
18:02:02.0392 6108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:02:02.0392 6108 pcmcia - ok
18:02:03.0302 6108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:02:03.0312 6108 pcw - ok
18:02:04.0052 6108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:02:04.0072 6108 PEAUTH - ok
18:02:04.0502 6108 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:02:04.0502 6108 PerfHost - ok
18:02:04.0992 6108 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
18:02:04.0992 6108 PGEffect - ok
18:02:05.0482 6108 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
18:02:05.0542 6108 pla - ok
18:02:06.0372 6108 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
18:02:06.0382 6108 PlugPlay - ok
18:02:06.0552 6108 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:02:06.0562 6108 PNRPAutoReg - ok
18:02:06.0822 6108 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:02:06.0832 6108 PNRPsvc - ok
18:02:07.0122 6108 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\windows\system32\DRIVERS\point64.sys
18:02:07.0132 6108 Point64 - ok
18:02:07.0572 6108 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
18:02:07.0582 6108 PolicyAgent - ok
18:02:08.0322 6108 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:02:08.0342 6108 Power - ok
18:02:11.0472 6108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:02:11.0477 6108 PptpMiniport - ok
18:02:12.0300 6108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:02:12.0321 6108 Processor - ok
18:02:12.0493 6108 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
18:02:12.0514 6108 ProfSvc - ok
18:02:12.0668 6108 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:02:12.0672 6108 ProtectedStorage - ok
18:02:12.0978 6108 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:02:12.0982 6108 Psched - ok
18:02:13.0323 6108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:02:13.0450 6108 ql2300 - ok
18:02:13.0776 6108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:02:13.0780 6108 ql40xx - ok
18:02:14.0001 6108 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:02:14.0010 6108 QWAVE - ok
18:02:14.0375 6108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:02:14.0385 6108 QWAVEdrv - ok
18:02:14.0931 6108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:02:14.0933 6108 RasAcd - ok
18:02:15.0316 6108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:02:15.0320 6108 RasAgileVpn - ok
18:02:15.0565 6108 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:02:15.0595 6108 RasAuto - ok
18:02:16.0024 6108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:02:16.0085 6108 Rasl2tp - ok
18:02:16.0354 6108 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
18:02:16.0389 6108 RasMan - ok
18:02:16.0892 6108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:02:16.0896 6108 RasPppoe - ok
18:02:17.0243 6108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:02:17.0248 6108 RasSstp - ok
18:02:17.0708 6108 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:02:17.0715 6108 rdbss - ok
18:02:18.0260 6108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:02:18.0268 6108 rdpbus - ok
18:02:18.0738 6108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:02:18.0739 6108 RDPCDD - ok
18:02:19.0071 6108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:02:19.0072 6108 RDPENCDD - ok
18:02:19.0694 6108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:02:19.0696 6108 RDPREFMP - ok
18:02:20.0232 6108 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
18:02:20.0239 6108 RDPWD - ok
18:02:20.0738 6108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:02:20.0772 6108 rdyboost - ok
18:02:20.0923 6108 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:02:20.0929 6108 RemoteAccess - ok
18:02:21.0183 6108 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:02:21.0190 6108 RemoteRegistry - ok
18:02:21.0552 6108 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:02:21.0558 6108 RpcEptMapper - ok
18:02:22.0233 6108 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:02:22.0250 6108 RpcLocator - ok
18:02:22.0514 6108 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:02:22.0527 6108 RpcSs - ok
18:02:22.0840 6108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:02:22.0844 6108 rspndr - ok
18:02:23.0102 6108 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
18:02:23.0109 6108 RSUSBSTOR - ok
18:02:24.0100 6108 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:02:24.0393 6108 RTL8192Ce - ok
18:02:25.0025 6108 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:02:25.0029 6108 SamSs - ok
18:02:25.0248 6108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:02:25.0252 6108 sbp2port - ok
18:02:25.0501 6108 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:02:25.0510 6108 SCardSvr - ok
18:02:25.0789 6108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:02:25.0792 6108 scfilter - ok
18:02:25.0973 6108 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
18:02:25.0997 6108 Schedule - ok
18:02:26.0458 6108 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:02:26.0461 6108 SCPolicySvc - ok
18:02:26.0633 6108 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
18:02:26.0642 6108 SDRSVC - ok
18:02:27.0048 6108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:02:27.0051 6108 secdrv - ok
18:02:27.0252 6108 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
18:02:27.0258 6108 seclogon - ok
18:02:27.0339 6108 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
18:02:27.0344 6108 SENS - ok
18:02:27.0541 6108 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:02:27.0548 6108 SensrSvc - ok
18:02:28.0071 6108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:02:28.0150 6108 Serenum - ok
18:02:28.0351 6108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:02:28.0356 6108 Serial - ok
18:02:28.0629 6108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:02:28.0632 6108 sermouse - ok
18:02:28.0870 6108 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
18:02:28.0877 6108 SessionEnv - ok
18:02:28.0996 6108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:02:28.0999 6108 sffdisk - ok
18:02:29.0141 6108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:02:29.0144 6108 sffp_mmc - ok
18:02:29.0259 6108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:02:29.0262 6108 sffp_sd - ok
18:02:29.0320 6108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:02:29.0323 6108 sfloppy - ok
18:02:29.0565 6108 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\windows\system32\DRIVERS\Sftfslh.sys
18:02:29.0590 6108 Sftfs - ok
18:02:29.0876 6108 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:02:29.0925 6108 sftlist - ok
18:02:30.0450 6108 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\windows\system32\DRIVERS\Sftplaylh.sys
18:02:30.0456 6108 Sftplay - ok
18:02:30.0909 6108 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\windows\system32\DRIVERS\Sftredirlh.sys
18:02:30.0912 6108 Sftredir - ok
18:02:31.0036 6108 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\windows\system32\DRIVERS\Sftvollh.sys
18:02:31.0040 6108 Sftvol - ok
18:02:31.0280 6108 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:02:31.0285 6108 sftvsa - ok
18:02:31.0943 6108 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
18:02:31.0953 6108 SharedAccess - ok
18:02:32.0472 6108 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
18:02:32.0547 6108 ShellHWDetection - ok
18:02:32.0888 6108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:02:32.0891 6108 SiSRaid2 - ok
18:02:33.0103 6108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:02:33.0141 6108 SiSRaid4 - ok
18:02:33.0595 6108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:02:33.0599 6108 Smb - ok
18:02:33.0792 6108 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:02:33.0826 6108 SNMPTRAP - ok
18:02:34.0716 6108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:02:34.0730 6108 spldr - ok
18:02:35.0354 6108 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
18:02:35.0368 6108 Spooler - ok
18:02:36.0685 6108 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
18:02:37.0345 6108 sppsvc - ok
18:02:37.0975 6108 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:02:38.0015 6108 sppuinotify - ok
18:02:39.0235 6108 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
18:02:39.0295 6108 SRTSP - ok
18:02:40.0076 6108 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
18:02:40.0112 6108 SRTSPX - ok
18:02:40.0448 6108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:02:40.0459 6108 srv - ok
18:02:40.0888 6108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:02:40.0898 6108 srv2 - ok
18:02:41.0055 6108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:02:41.0060 6108 srvnet - ok
18:02:41.0196 6108 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:02:41.0203 6108 SSDPSRV - ok
18:02:41.0273 6108 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
18:02:41.0279 6108 SstpSvc - ok
18:02:41.0376 6108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:02:41.0379 6108 stexstor - ok
18:02:41.0772 6108 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
18:02:41.0791 6108 stisvc - ok
18:02:41.0935 6108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:02:41.0938 6108 swenum - ok
18:02:42.0147 6108 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
18:02:42.0161 6108 swprv - ok
18:02:42.0449 6108 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
18:02:42.0462 6108 SymDS - ok
18:02:42.0801 6108 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
18:02:42.0835 6108 SymEFA - ok
18:02:43.0134 6108 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
18:02:43.0140 6108 SymEvent - ok
18:02:43.0571 6108 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
18:02:43.0621 6108 SymIRON - ok
18:02:45.0000 6108 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
18:02:45.0009 6108 SymNetS - ok
18:02:45.0273 6108 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
18:02:45.0413 6108 SysMain - ok
18:02:46.0179 6108 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
18:02:46.0202 6108 TabletInputService - ok
18:02:46.0516 6108 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
18:02:46.0528 6108 TapiSrv - ok
18:02:46.0794 6108 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
18:02:46.0800 6108 TBS - ok
18:02:48.0333 6108 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
18:02:48.0474 6108 Tcpip - ok
18:02:49.0801 6108 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
18:02:49.0853 6108 TCPIP6 - ok
18:02:50.0319 6108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:02:50.0328 6108 tcpipreg - ok
18:02:50.0732 6108 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
18:02:50.0735 6108 tdcmdpst - ok
18:02:50.0953 6108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:02:50.0956 6108 TDPIPE - ok
18:02:51.0267 6108 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
18:02:51.0271 6108 TDTCP - ok
18:02:51.0512 6108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:02:51.0518 6108 tdx - ok
18:02:52.0426 6108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
18:02:52.0449 6108 TermDD - ok
18:02:52.0999 6108 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
18:02:53.0072 6108 TermService - ok
18:02:53.0391 6108 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
18:02:53.0397 6108 Themes - ok
18:02:53.0655 6108 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:02:53.0660 6108 THREADORDER - ok
18:02:54.0139 6108 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:02:54.0141 6108 TMachInfo - ok
18:03:19.0322 6108 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
18:03:19.0377 6108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:03:19.0378 6108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:03:19.0476 6108 Boot (0x1200) (d35c9208c5e13d2aff2de93101550b67) \Device\Harddisk0\DR0\Partition0
18:03:19.0526 6108 \Device\Harddisk0\DR0\Partition0 - ok
18:03:19.0712 6108 ============================================================
18:03:19.0712 6108 Scan finished
18:03:19.0712 6108 ============================================================
18:03:19.0743 6052 Detected object count: 1
18:03:19.0743 6052 Actual detected object count: 1
18:04:16.0570 6052 \Device\Harddisk0\DR0\# - copied to quarantine
18:04:16.0575 6052 \Device\Harddisk0\DR0 - copied to quarantine
18:04:16.0859 6052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:04:16.0867 6052 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:04:16.0901 6052 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:04:16.0910 6052 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:04:16.0926 6052 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:04:16.0997 6052 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:04:17.0026 6052 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:04:17.0031 6052 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:04:17.0037 6052 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:04:17.0050 6052 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:04:17.0057 6052 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:04:17.0064 6052 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:04:17.0201 6052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:04:17.0203 6052 \Device\Harddisk0\DR0 - ok
18:04:18.0027 6052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:04:25.0096 4028 Deinitialize success


As I was trying to type this message, Malwarebytes told me it sensed a potentially malicious program trying to do something on my computer. Don't know if it could be a false positive. What's our next step?

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 06 April 2012 - 05:46 PM

Hi,

Run one more run with TDSSKiller to see if anything is found. If all comes back clean, run ComboFix again and post back its log + fresh DDS logs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 ObsoleteSpoon

ObsoleteSpoon
  • Topic Starter

  • Members
  • 16 posts

Posted 06 April 2012 - 06:55 PM

Here's the new Combofix log:

ComboFix 12-04-06.03 - christgirl13 04/06/2012 19:09:09.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1355 [GMT -4:00]
Running from: c:\users\christgirl13\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 23:22 . 2012-04-06 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 22:16 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 22:16 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-06 22:16 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-06 22:04 . 2012-04-06 22:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 22:02 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE47028C-9E28-4F79-BDEE-84B5DCCE8482}\mpengine.dll
2012-03-26 00:09 . 2012-03-26 00:09 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 00:09 . 2012-03-26 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 00:09 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 12:53 . 2012-03-26 00:08 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-23 17:14 . 2012-03-25 23:51 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-23 13:46 . 2012-03-23 13:48 286720 ----a-w- c:\windows\iun506.exe
2012-03-23 12:06 . 2012-03-28 13:24 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-22 13:43 . 2012-03-22 13:43 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D84.tmp
2012-03-22 13:43 . 2012-03-22 13:43 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D83.tmp
2012-03-22 11:59 . 2012-03-26 00:08 -------- d-----w- c:\program files (x86)\Learn to Play Bridge 2
2012-03-22 11:58 . 2012-03-26 00:08 -------- d-----w- c:\program files (x86)\Learn to Play Bridge
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\programdata\Yahoo!
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\programdata\ATTYToolbar
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\program files (x86)\Yahoo!
2012-03-22 01:02 . 2012-03-22 01:02 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-03-21 21:30 . 2009-07-14 01:40 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-03-21 13:51 . 2012-03-22 01:13 -------- d-----w- c:\users\Preachaman
2012-03-20 23:58 . 2012-03-20 23:58 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-20 23:58 . 2012-03-20 23:58 -------- d-----w- c:\windows\system32\Wat
2012-03-18 21:13 . 2011-12-14 07:04 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-18 21:13 . 2011-12-14 07:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-03-18 21:13 . 2011-12-14 02:59 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-03-18 21:00 . 2012-03-18 21:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-18 17:58 . 2012-03-18 17:58 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\DB34.tmp
2012-03-18 17:58 . 2012-03-18 17:58 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\DB33.tmp
2012-03-18 16:56 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-18 16:55 . 2011-07-16 05:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-18 16:44 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-18 16:44 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-18 16:40 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 16:40 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 16:40 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 16:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 16:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 16:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 16:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-16 11:51 . 2012-03-16 11:51 -------- d-----w- c:\programdata\Toshiba Book Place
2012-03-16 11:21 . 2012-03-16 11:21 13 --sha-r- c:\windows\system32\drivers\fbd.sys
2012-03-16 11:20 . 2012-04-02 15:07 -------- d-----w- c:\users\christgirl13
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 13:14 . 2012-02-22 22:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-18 18:02 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 22:26 . 2011-07-22 01:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-17 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-03-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-23 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 22:17]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 22:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-06 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-04-06 19:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 23:32
ComboFix2.txt 2012-04-04 17:43
.
Pre-Run: 258,899,542,016 bytes free
Post-Run: 258,797,600,768 bytes free
.
- - End Of File - - 60546C06DCCC8C2F01E789043C79039B


And the new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by christgirl13 at 19:44:48 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1512 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{37DB3708-E06B-4E9C-87C7-1BA2D6D429D1} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D87332B8-B543-404E-91DC-4A5E11F0ADFA} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D87332B8-B543-404E-91DC-4A5E11F0ADFA}\D616E64697 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB-X64: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-17 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120406.002\IDSviA64.sys [2012-4-6 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-25 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-2-22 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-22 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-23 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-22 57216]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-22 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-22 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-06 23:43:05 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-06 22:16:29 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-06 22:16:26 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-06 22:16:25 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-06 22:04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 22:02:23 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE47028C-9E28-4F79-BDEE-84B5DCCE8482}\mpengine.dll
2012-04-04 14:24:32 98816 ----a-w- C:\windows\sed.exe
2012-04-04 14:24:32 518144 ----a-w- C:\windows\SWREG.exe
2012-04-04 14:24:32 256000 ----a-w- C:\windows\PEV.exe
2012-04-04 14:24:32 208896 ----a-w- C:\windows\MBR.exe
2012-03-26 00:10:04 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\Malwarebytes
2012-03-26 00:09:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-26 00:09:38 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-26 00:09:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-25 20:49:11 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-24 12:59:13 -------- d-----w- C:\Users\christgirl13\AppData\Local\SoftGrid Client
2012-03-24 12:59:06 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\SoftGrid Client
2012-03-24 12:53:29 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-03-24 12:51:54 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\TP
2012-03-23 17:14:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-03-23 13:46:00 286720 ----a-w- C:\windows\iun506.exe
2012-03-23 12:06:54 451192 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-23 12:06:54 405624 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-23 12:06:54 37496 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-23 12:06:54 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-23 12:06:53 738936 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-23 12:06:53 190072 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-23 12:06:53 167048 ----a-w- C:\windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-23 12:06:21 -------- d-----w- C:\windows\System32\drivers\NISx64\1306020.00A
2012-03-22 13:43:10 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6D84.tmp
2012-03-22 13:43:10 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6D83.tmp
2012-03-22 11:59:56 -------- d-----w- C:\Program Files (x86)\Learn to Play Bridge 2
2012-03-22 11:58:49 -------- d-----w- C:\Program Files (x86)\Learn to Play Bridge
2012-03-22 02:07:26 -------- d-----w- C:\ProgramData\ATTYToolbar
2012-03-22 02:07:11 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-03-22 01:02:30 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-03-21 21:30:27 38912 ----a-w- C:\windows\System32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-03-21 00:11:01 -------- d-----w- C:\Users\christgirl13\AppData\Local\Diagnostics
2012-03-20 23:58:33 -------- d-----w- C:\windows\SysWow64\Wat
2012-03-20 23:58:33 -------- d-----w- C:\windows\System32\Wat
2012-03-18 21:13:59 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-03-18 21:13:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-03-18 21:13:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-03-18 20:55:07 -------- d-----w- C:\Users\christgirl13\AppData\Local\Kjs.AppLife.Update
2012-03-18 17:58:38 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DB34.tmp
2012-03-18 17:58:38 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DB33.tmp
2012-03-18 16:56:54 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-18 16:55:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-18 16:44:38 77312 ----a-w- C:\windows\System32\packager.dll
2012-03-18 16:44:38 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-03-18 16:40:16 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-18 16:40:16 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-18 16:40:16 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-18 16:39:57 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-18 16:39:57 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-18 16:39:57 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-18 16:39:57 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-17 23:30:08 -------- d-----w- C:\Users\christgirl13\AppData\Local\Wild Tangent
2012-03-17 15:05:13 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\Tific
2012-03-16 12:04:10 -------- d-----w- C:\Users\christgirl13\AppData\Local\Microsoft Games
2012-03-16 11:51:54 -------- d-----w- C:\ProgramData\Toshiba Book Place
2012-03-16 11:51:10 -------- d-----w- C:\Users\christgirl13\AppData\Roaming\Book Place
2012-03-16 11:24:27 -------- d-----w- C:\Users\christgirl13\AppData\Local\Google
2012-03-16 11:23:28 -------- d-----w- C:\Users\christgirl13\AppData\Local\ATI
2012-03-16 11:23:21 -------- d-----w- C:\Users\christgirl13\AppData\Local\TOSHIBA
2012-03-16 11:22:00 -------- d-----w- C:\Users\christgirl13\AppData\Local\VirtualStore
2012-03-16 11:21:22 13 --sha-r- C:\windows\System32\drivers\fbd.sys
.
==================== Find3M ====================
.
2012-03-28 13:14:11 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-23 13:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-22 22:26:10 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-22 21:18:37 0 ----a-w- C:\windows\ativpsrm.bin
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 19:47:39.44 ===============


There you go. One quick question, which you may or may not be able to answer. After ComboFix finished running both times, I immediately tried to run DDS and turn Malwarebytes back on before rebooting. Each time, both programs came back with an error message stating something along the lines of "trying to access a registry key marked for deletion." After rebooting, the programs worked like normal. Is that a normal ComboFix thing or is it an indicator of further problems?

Edited by ObsoleteSpoon, 06 April 2012 - 06:58 PM.




