I have a virus that won't let me go to many sites

(In Progress)

mrepic13 (Thread Starter)
Member with 10 posts.
Join Date: Apr 2013
Experience: Beginner
12-Apr-2013, 12:00 AM #1
I have a virus that won't let me go to many sites
I just want to say that I am a complete idiot.
I know a scam when I see one, but I just like to see how big of a scam. I downloaded and ran a supposed "minecraft premium account generator" expecting Norton360 to pick up a virus, but nothing happened. So I deleted it and any trace of it and returned to my work. That is when it all started. I could not go to sites such as youtube, facebook, twitter, google, bing, or reddit. Malwarebytes is infinitely quarantining svchost.exe as a trojan.agent. I have no idea what to do.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:28 PM, on 4/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 50.115.114.28 linkz.it
O1 - Hosts: 50.115.114.28 www.linkz.it
O1 - Hosts: 50.115.114.28 facebook.com
O1 - Hosts: 50.115.114.28 www.facebook.com
O1 - Hosts: 50.115.114.28 wikipedia.org
O1 - Hosts: 50.115.114.28 www.wikipedia.org
O1 - Hosts: 50.115.114.28 bing.com
O1 - Hosts: 50.115.114.28 www.bing.com
O1 - Hosts: 50.115.114.28 pinterest.com
O1 - Hosts: 50.115.114.28 www.pinterest.com
O1 - Hosts: 50.115.114.28 imdb.com
O1 - Hosts: 50.115.114.28 www.imdb.com
O1 - Hosts: 50.115.114.28 twitter.com
O1 - Hosts: 50.115.114.28 www.twitter.com
O1 - Hosts: 50.115.114.28 youtube.com
O1 - Hosts: 50.115.114.28 www.youtube.com
O1 - Hosts: 50.115.114.28 baidu.com
O1 - Hosts: 50.115.114.28 www.baidu.com
O1 - Hosts: 50.115.114.28 live.com
O1 - Hosts: 50.115.114.28 www.live.com
O1 - Hosts: 50.115.114.28 amazon.com
O1 - Hosts: 50.115.114.28 www.amazon.com
O1 - Hosts: 50.115.114.28 linkedin.com
O1 - Hosts: 50.115.114.28 www.linkedin.com
O1 - Hosts: 50.115.114.28 paypal.com
O1 - Hosts: 50.115.114.28 www.paypal.com
O1 - Hosts: 50.115.114.28 yahoo.com
O1 - Hosts: 50.115.114.28 www.yahoo.com
O1 - Hosts: 50.115.114.28 minecraft.com
O1 - Hosts: 50.115.114.28 www.minecraft.com
O1 - Hosts: 50.115.114.28 amazon.com
O1 - Hosts: 50.115.114.28 www.amazon.com
O1 - Hosts: 50.115.114.28 blogspot.com
O1 - Hosts: 50.115.114.28 www.blogspot.com
O1 - Hosts: 50.115.114.28 linkedin.com
O1 - Hosts: 50.115.114.28 www.linkedin.com
O1 - Hosts: 50.115.114.28 msn.com
O1 - Hosts: 50.115.114.28 www.msn.com
O1 - Hosts: 50.115.114.28 search.msn.com
O1 - Hosts: 50.115.114.28 www.search.msn.com
O1 - Hosts: 50.115.114.28 lycos.com
O1 - Hosts: 50.115.114.28 www.lycos.com
O1 - Hosts: 50.115.114.28 minecraftforum.net
O1 - Hosts: 50.115.114.28 www.minecraftforum.net
O1 - Hosts: 50.115.114.28 mojang.com
O1 - Hosts: 50.115.114.28 www.mojang.com
O1 - Hosts: 50.115.114.28 mediafire.com
O1 - Hosts: 50.115.114.28 www.mediafire.com
O1 - Hosts: 50.115.114.28 paypal.com
O1 - Hosts: 50.115.114.28 www.paypal.com
O1 - Hosts: 50.115.114.28 xvideos.com
O1 - Hosts: 50.115.114.28 www.xvideos.com
O1 - Hosts: 50.115.114.28 redtube.com
O1 - Hosts: 50.115.114.28 www.redtube.com
O1 - Hosts: 50.115.114.28 youporn.com
O1 - Hosts: 50.115.114.28 www.youporn.com
O1 - Hosts: 50.115.114.28 pornhub.com
O1 - Hosts: 50.115.114.28 www.pornhub.com
O1 - Hosts: 50.115.114.28 ebay.com
O1 - Hosts: 50.115.114.28 www.ebay.com
O1 - Hosts: 50.115.114.28 wordpress.com
O1 - Hosts: 50.115.114.28 www.wordpress.com
O1 - Hosts: 50.115.114.28 tumblr.com
O1 - Hosts: 50.115.114.28 www.tumblr.com
O1 - Hosts: 50.115.114.28 reddit.com
O1 - Hosts: 50.115.114.28 www.reddit.com
O1 - Hosts: 50.115.114.28 google.com
O1 - Hosts: 50.115.114.28 www.google.com
O1 - Hosts: 50.115.114.28 google.ae
O1 - Hosts: 50.115.114.28 www.google.ae
O1 - Hosts: 50.115.114.28 google.com.af
O1 - Hosts: 50.115.114.28 www.google.com.af
O1 - Hosts: 50.115.114.28 google.com.ag
O1 - Hosts: 50.115.114.28 www.google.com.ag
O1 - Hosts: 50.115.114.28 google.off.ai
O1 - Hosts: 50.115.114.28 www.google.off.ai
O1 - Hosts: 50.115.114.28 google.am
O1 - Hosts: 50.115.114.28 www.google.am
O1 - Hosts: 50.115.114.28 google.com.ar
O1 - Hosts: 50.115.114.28 www.google.com.ar
O1 - Hosts: 50.115.114.28 google.as
O1 - Hosts: 50.115.114.28 www.google.as
O1 - Hosts: 50.115.114.28 google.at
O1 - Hosts: 50.115.114.28 www.google.at
O1 - Hosts: 50.115.114.28 google.com.au
O1 - Hosts: 50.115.114.28 www.google.com.au
O1 - Hosts: 50.115.114.28 google.az
O1 - Hosts: 50.115.114.28 www.google.az
O1 - Hosts: 50.115.114.28 google.ba
O1 - Hosts: 50.115.114.28 www.google.ba
O1 - Hosts: 50.115.114.28 google.com.bd
O1 - Hosts: 50.115.114.28 www.google.com.bd
O1 - Hosts: 50.115.114.28 google.be
O1 - Hosts: 50.115.114.28 www.google.be
O1 - Hosts: 50.115.114.28 google.bg
O1 - Hosts: 50.115.114.28 www.google.bg
O1 - Hosts: 50.115.114.28 google.bi
O1 - Hosts: 50.115.114.28 www.google.bi
O1 - Hosts: 50.115.114.28 google.com.bo
O1 - Hosts: 50.115.114.28 www.google.com.bo
O1 - Hosts: 50.115.114.28 google.com.br
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll
O2 - BHO: visualbee Helper Object - {66F57190-01EB-45A6-8260-7895267209F7} - C:\Program Files (x86)\visualbee\visualbee\1.8.9.1\bh\visualbee.dll (file missing)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll
O3 - Toolbar: visualbee Toolbar - {610AF794-9293-4129-9FAF-A81BBDFBFA14} - C:\Program Files (x86)\visualbee\visualbee\1.8.9.1\visualbeeTlbr.dll (file missing)
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SMessaging] C:\Users\User\AppData\Local\Strongvault Online Backup\SMessaging.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 18174 bytes

It said that I should delete my "hosts" file. Should I? Will that fix it? Please respond
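
A defender's check for the pattern visible in the O1 section of the log above, where many unrelated sites are mapped to one address. This is an added example, not part of the original thread or of HijackThis; the function names, the `min_sites` threshold and the last three sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis reports each hosts-file mapping as "O1 - Hosts: <address> <name>".
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# The first nine lines are copied from the log in the post above. The last
# three are constructed for this example to show entries that are not flagged.
SAMPLE_LOG = """
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 50.115.114.28 facebook.com
O1 - Hosts: 50.115.114.28 www.facebook.com
O1 - Hosts: 50.115.114.28 paypal.com
O1 - Hosts: 50.115.114.28 www.paypal.com
O1 - Hosts: 50.115.114.28 youtube.com
O1 - Hosts: 50.115.114.28 www.youtube.com
O1 - Hosts: 50.115.114.28 google.com
O1 - Hosts: 50.115.114.28 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 192.0.2.10 intranet.example.test
"""


def parse_o1_entries(log_text):
    """Return (ip_address, hostname) pairs for every well-formed O1 line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if not match:
            continue  # not a hosts-file line
        try:
            address = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address, so not a usable mapping
        entries.append((address, match.group(2).lower().rstrip(".")))
    return entries


def base_name(hostname):
    """Treat 'www.example.com' and 'example.com' as the same site."""
    return hostname[4:] if hostname.startswith("www.") else hostname


def find_redirects(entries, min_sites=3):
    """Map each address to the sites it captures, if it captures many.

    Loopback and 0.0.0.0 entries are skipped: they block a name rather
    than redirect it, and need a separate review. An address is flagged
    when at least `min_sites` distinct sites point at it.
    """
    sites_by_address = defaultdict(set)
    for address, hostname in entries:
        if address.is_loopback or address.is_unspecified:
            continue
        sites_by_address[str(address)].add(base_name(hostname))
    return {
        address: sorted(sites)
        for address, sites in sites_by_address.items()
        if len(sites) >= min_sites
    }


def report(log_text, min_sites=3):
    """Return one summary line per flagged address."""
    entries = parse_o1_entries(log_text)
    lines = []
    for address, sites in find_redirects(entries, min_sites).items():
        count = sum(1 for addr, _ in entries if str(addr) == address)
        lines.append(
            f"{address}: {count} hosts entries covering "
            f"{len(sites)} sites: {', '.join(sites)}"
        )
    return lines


if __name__ == "__main__":
    for summary in report(SAMPLE_LOG):
        print(summary)
```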
mrepic13 (Thread Starter)
Member with 10 posts.
Join Date: Apr 2013
Experience: Beginner
17-Apr-2013, 07:44 PM #2
Hello? Can I get some help???
jeffce (Jeff), authorized to help remove malware
Malware Removal Specialist with 1,727 posts.
Join Date: May 2011
18-Apr-2013, 08:37 PM #3
Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------

Could you also post the log that Malwarebytes created?
mrepic13 (Thread Starter)
Member with 10 posts.
Join Date: Apr 2013
Experience: Beginner
20-Apr-2013, 09:17 AM #4
Here is the aswMBR log. Not sure if this is correct but here it is.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-19 17:47:04
-----------------------------
17:47:04.589 OS Version: Windows x64 6.1.7601 Service Pack 1
17:47:04.589 Number of processors: 2 586 0x2A07
17:47:04.590 ComputerName: AUSTINS-LAPTOP UserName: User
17:47:08.578 Initialize success
17:47:23.497 AVAST engine defs: 13041900
17:47:30.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:47:30.669 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
17:47:30.671 Device \Driver\iaStor -> MajorFunction fffffa8007d7a5e8
17:47:30.674 Disk 0 MBR read successfully
17:47:30.676 Disk 0 MBR scan
17:47:30.680 Disk 0 Windows VISTA default MBR code
17:47:30.689 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:47:30.704 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288988 MB offset 3074048
17:47:30.745 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14756 MB offset 594921472
17:47:30.864 Disk 0 scanning C:\windows\system32\drivers
17:47:53.867 Service scanning
17:48:42.515 Modules scanning
17:48:42.515 Disk 0 trace - called modules:
17:48:42.518 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007d7a5e8]<<
17:48:42.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005eff060]
17:48:42.519 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa80059d5e40]
17:48:42.520 5 ACPI.sys[fffff88000fb07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80059d9050]
17:48:42.520 \Driver\iaStor[0xfffffa8007d02c00] -> IRP_MJ_CREATE -> 0xfffffa8007d7a5e8
17:48:46.415 AVAST engine scan C:\windows
17:48:59.421 AVAST engine scan C:\windows\system32
17:53:23.119 AVAST engine scan C:\windows\system32\drivers
17:53:42.862 AVAST engine scan C:\Users\User
17:54:54.713 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
17:54:54.725 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
20:45:28.095 AVAST engine scan C:\ProgramData
20:59:58.414 Scan finished successfully
21:23:52.025 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
21:23:52.077 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Here is the Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.10.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: AUSTINS-LAPTOP [administrator]
Protection: Enabled
4/9/2013 11:13:05 PM
mbam-log-2013-04-09 (23-13-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237700
Time elapsed: 6 minute(s), 57 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3616 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 52
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\powstak (Trojan.Symmi) -> Quarantined and deleted successfully.
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 7
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|powstak (Trojan.Symmi) -> Data: rundll32 "C:\windows\system32\config\systemprofile\AppData\Local\powstak.dll",powstak -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 12
C:\Users\User\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\User\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\User\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\User\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\User\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\User\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.
Files Detected: 10
C:\Windows\System32\config\systemprofile\AppData\Local\powstak.dll (Trojan.Symmi) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\User\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\User\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\User\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.
(end)

I'm getting all excited from knowing that this virus will soon be gone.
jeffce (Jeff) is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
Join Date: May 2011
20-Apr-2013, 10:10 AM #5
Hi,

Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
mrepic13
Member with 10 posts.
THREAD STARTER
Join Date: Apr 2013
Experience: Beginner
20-Apr-2013, 04:20 PM #6
Here is the TDSSKiller log:

16:18:38.0437 11168 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:18:38.0916 11168 ============================================================
16:18:38.0916 11168 Current date / time: 2013/04/20 16:18:38.0916
16:18:38.0916 11168 SystemInfo:
16:18:38.0916 11168
16:18:38.0916 11168 OS Version: 6.1.7601 ServicePack: 1.0
16:18:38.0916 11168 Product type: Workstation
16:18:38.0916 11168 ComputerName: AUSTINS-LAPTOP
16:18:38.0916 11168 UserName: User
16:18:38.0916 11168 Windows directory: C:\windows
16:18:38.0916 11168 System windows directory: C:\windows
16:18:38.0916 11168 Running under WOW64
16:18:38.0916 11168 Processor architecture: Intel x64
16:18:38.0916 11168 Number of processors: 2
16:18:38.0916 11168 Page size: 0x1000
16:18:38.0916 11168 Boot type: Normal boot
16:18:38.0916 11168 ============================================================
16:18:40.0807 11168 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:18:41.0036 11168 ============================================================
16:18:41.0036 11168 \Device\Harddisk0\DR0:
16:18:41.0074 11168 MBR partitions:
16:18:41.0074 11168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2346E000
16:18:41.0074 11168 ============================================================
16:18:41.0115 11168 C: <-> \Device\Harddisk0\DR0\Partition1
16:18:41.0115 11168 ============================================================
16:18:41.0115 11168 Initialize success
16:18:41.0115 11168 ============================================================
16:18:43.0993 0964 ============================================================
16:18:43.0993 0964 Scan started
16:18:43.0993 0964 Mode: Manual;
16:18:43.0993 0964 ============================================================
16:18:50.0247 0964 ================ Scan system memory ========================
16:18:50.0247 0964 System memory - ok
16:18:50.0251 0964 ================ Scan services =============================
16:19:04.0256 0964 MTConfig - ok
16:19:04.0277 0964 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
16:19:04.0279 0964 Mup - ok
16:19:04.0402 0964 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
16:19:04.0404 0964 N360 - ok
16:19:04.0444 0964 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
16:19:04.0454 0964 napagent - ok
16:19:04.0509 0964 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:19:04.0514 0964 NativeWifiP - ok
16:19:04.0639 0964 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130419.020\ENG64.SYS
16:19:04.0657 0964 NAVENG - ok
16:19:04.0744 0964 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130419.020\EX64.SYS
16:19:04.0768 0964 NAVEX15 - ok
16:19:04.0859 0964 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
16:19:04.0871 0964 NDIS - ok
16:19:04.0902 0964 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:19:04.0903 0964 NdisCap - ok
16:19:04.0945 0964 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:19:04.0947 0964 NdisTapi - ok
16:19:04.0965 0964 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:19:04.0967 0964 Ndisuio - ok
16:19:04.0988 0964 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:19:04.0991 0964 NdisWan - ok
16:19:05.0007 0964 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:19:05.0015 0964 NDProxy - ok
16:19:05.0049 0964 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:19:05.0050 0964 NetBIOS - ok
16:19:05.0069 0964 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:19:05.0073 0964 NetBT - ok
16:19:05.0094 0964 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
16:19:05.0095 0964 Netlogon - ok
16:19:05.0130 0964 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
16:19:05.0135 0964 Netman - ok
16:19:05.0171 0964 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
16:19:05.0178 0964 netprofm - ok
16:19:05.0214 0964 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:19:05.0216 0964 NetTcpPortSharing - ok
16:19:05.0251 0964 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
16:19:05.0258 0964 nfrd960 - ok
16:19:05.0352 0964 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
16:19:05.0357 0964 NlaSvc - ok
16:19:05.0490 0964 Norton PC Checkup Application Launcher - ok
16:19:05.0528 0964 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
16:19:05.0533 0964 Npfs - ok
16:19:05.0581 0964 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
16:19:05.0583 0964 nsi - ok
16:19:05.0617 0964 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:19:05.0619 0964 nsiproxy - ok
16:19:05.0689 0964 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:19:05.0708 0964 Ntfs - ok
16:19:05.0739 0964 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
16:19:05.0740 0964 Null - ok
16:19:05.0768 0964 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
16:19:05.0770 0964 nvraid - ok
16:19:05.0781 0964 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
16:19:05.0785 0964 nvstor - ok
16:19:05.0791 0964 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:19:05.0794 0964 nv_agp - ok
16:19:05.0801 0964 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:19:05.0803 0964 ohci1394 - ok
16:19:05.0877 0964 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:19:05.0881 0964 ose - ok
16:19:06.0089 0964 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:19:06.0244 0964 osppsvc - ok
16:19:06.0312 0964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:19:06.0321 0964 p2pimsvc - ok
16:19:06.0341 0964 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
16:19:06.0349 0964 p2psvc - ok
16:19:06.0419 0964 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
16:19:06.0421 0964 Parport - ok
16:19:06.0453 0964 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
16:19:06.0456 0964 partmgr - ok
16:19:06.0501 0964 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
16:19:06.0504 0964 PcaSvc - ok
16:19:06.0581 0964 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
16:19:06.0583 0964 PCCUJobMgr - ok
16:19:06.0619 0964 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
16:19:06.0622 0964 pci - ok
16:19:06.0634 0964 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
16:19:06.0635 0964 pciide - ok
16:19:06.0656 0964 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
16:19:06.0660 0964 pcmcia - ok
16:19:06.0687 0964 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
16:19:06.0689 0964 pcw - ok
16:19:06.0721 0964 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:19:06.0731 0964 PEAUTH - ok
16:19:06.0826 0964 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
16:19:06.0905 0964 PerfHost - ok
16:19:06.0959 0964 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
16:19:06.0961 0964 PGEffect - ok
16:19:07.0023 0964 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
16:19:07.0044 0964 pla - ok
16:19:07.0090 0964 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:19:07.0096 0964 PlugPlay - ok
16:19:07.0116 0964 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:19:07.0119 0964 PNRPAutoReg - ok
16:19:07.0145 0964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:19:07.0148 0964 PNRPsvc - ok
16:19:07.0189 0964 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:19:07.0196 0964 PolicyAgent - ok
16:19:07.0236 0964 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
16:19:07.0239 0964 Power - ok
16:19:07.0286 0964 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:19:07.0290 0964 PptpMiniport - ok
16:19:07.0352 0964 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
16:19:07.0354 0964 Processor - ok
16:19:07.0397 0964 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
16:19:07.0401 0964 ProfSvc - ok
16:19:07.0416 0964 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:19:07.0417 0964 ProtectedStorage - ok
16:19:07.0449 0964 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:19:07.0452 0964 Psched - ok
16:19:07.0511 0964 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
16:19:07.0530 0964 ql2300 - ok
16:19:07.0537 0964 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
16:19:07.0539 0964 ql40xx - ok
16:19:07.0583 0964 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
16:19:07.0588 0964 QWAVE - ok
16:19:07.0611 0964 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:19:07.0612 0964 QWAVEdrv - ok
16:19:07.0629 0964 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:19:07.0631 0964 RasAcd - ok
16:19:07.0658 0964 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:19:07.0659 0964 RasAgileVpn - ok
16:19:07.0689 0964 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
16:19:07.0693 0964 RasAuto - ok
16:19:07.0730 0964 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:19:07.0733 0964 Rasl2tp - ok
16:19:07.0752 0964 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
16:19:07.0759 0964 RasMan - ok
16:19:07.0785 0964 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:19:07.0787 0964 RasPppoe - ok
16:19:07.0811 0964 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:19:07.0816 0964 RasSstp - ok
16:19:07.0841 0964 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:19:07.0846 0964 rdbss - ok
16:19:07.0871 0964 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
16:19:07.0873 0964 rdpbus - ok
16:19:07.0895 0964 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:19:07.0896 0964 RDPCDD - ok
16:19:07.0932 0964 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:19:07.0936 0964 RDPENCDD - ok
16:19:07.0953 0964 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:19:07.0960 0964 RDPREFMP - ok
16:19:08.0032 0964 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:19:08.0035 0964 RDPWD - ok
16:19:08.0106 0964 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:19:08.0109 0964 rdyboost - ok
16:19:08.0136 0964 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
16:19:08.0140 0964 RemoteAccess - ok
16:19:08.0174 0964 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:19:08.0185 0964 RemoteRegistry - ok
16:19:08.0292 0964 [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:19:08.0296 0964 RichVideo - ok
16:19:08.0319 0964 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:19:08.0332 0964 RpcEptMapper - ok
16:19:08.0365 0964 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
16:19:08.0367 0964 RpcLocator - ok
16:19:08.0397 0964 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
16:19:08.0402 0964 RpcSs - ok
16:19:08.0444 0964 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:19:08.0446 0964 rspndr - ok
16:19:08.0487 0964 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
16:19:08.0491 0964 RSUSBSTOR - ok
16:19:08.0519 0964 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
16:19:08.0525 0964 RTL8167 - ok
16:19:08.0587 0964 [ E7D79600575F755614DD5D79B044D588 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
16:19:08.0600 0964 RTL8192Ce - ok
16:19:08.0616 0964 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
16:19:08.0617 0964 SamSs - ok
16:19:08.0641 0964 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:19:08.0643 0964 sbp2port - ok
16:19:08.0720 0964 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
16:19:08.0724 0964 SCardSvr - ok
16:19:08.0745 0964 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:19:08.0747 0964 scfilter - ok
16:19:08.0791 0964 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
16:19:08.0804 0964 Schedule - ok
16:19:08.0832 0964 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
16:19:08.0834 0964 SCPolicySvc - ok
16:19:08.0861 0964 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:19:08.0865 0964 SDRSVC - ok
16:19:08.0897 0964 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:19:08.0899 0964 secdrv - ok
16:19:08.0917 0964 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
16:19:08.0925 0964 seclogon - ok
16:19:08.0953 0964 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
16:19:08.0955 0964 SENS - ok
16:19:08.0975 0964 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
16:19:08.0977 0964 SensrSvc - ok
16:19:09.0013 0964 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
16:19:09.0014 0964 Serenum - ok
16:19:09.0056 0964 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
16:19:09.0059 0964 Serial - ok
16:19:09.0066 0964 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
16:19:09.0068 0964 sermouse - ok
16:19:09.0105 0964 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
16:19:09.0108 0964 SessionEnv - ok
16:19:09.0140 0964 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:19:09.0143 0964 sffdisk - ok
16:19:09.0152 0964 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:19:09.0153 0964 sffp_mmc - ok
16:19:09.0160 0964 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:19:09.0163 0964 sffp_sd - ok
16:19:09.0188 0964 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
16:19:09.0189 0964 sfloppy - ok
16:19:09.0226 0964 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:19:09.0231 0964 ShellHWDetection - ok
16:19:09.0276 0964 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
16:19:09.0296 0964 SiSRaid2 - ok
16:19:09.0304 0964 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
16:19:09.0305 0964 SiSRaid4 - ok
16:19:09.0400 0964 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:19:09.0403 0964 SkypeUpdate - ok
16:19:09.0458 0964 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
16:19:09.0460 0964 Smb - ok
16:19:09.0508 0964 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:19:09.0519 0964 SNMPTRAP - ok
16:19:09.0541 0964 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
16:19:09.0542 0964 spldr - ok
16:19:09.0579 0964 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
16:19:09.0587 0964 Spooler - ok
16:19:09.0686 0964 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
16:19:09.0777 0964 sppsvc - ok
16:19:09.0796 0964 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:19:09.0799 0964 sppuinotify - ok
16:19:09.0905 0964 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\windows\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
16:19:09.0917 0964 SRTSP - ok
16:19:09.0968 0964 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
16:19:09.0971 0964 SRTSPX - ok
16:19:10.0070 0964 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
16:19:10.0076 0964 srv - ok
16:19:10.0093 0964 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:19:10.0099 0964 srv2 - ok
16:19:10.0116 0964 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:19:10.0119 0964 srvnet - ok
16:19:10.0158 0964 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:19:10.0162 0964 SSDPSRV - ok
16:19:10.0178 0964 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
16:19:10.0181 0964 SstpSvc - ok
16:19:10.0221 0964 Steam Client Service - ok
16:19:10.0239 0964 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
16:19:10.0241 0964 stexstor - ok
16:19:10.0300 0964 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
16:19:10.0309 0964 stisvc - ok
16:19:10.0340 0964 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:19:10.0345 0964 swenum - ok
16:19:10.0399 0964 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
16:19:10.0407 0964 swprv - ok
16:19:10.0473 0964 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
16:19:10.0480 0964 SymDS - ok
16:19:10.0544 0964 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
16:19:10.0559 0964 SymEFA - ok
16:19:10.0606 0964 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
16:19:10.0611 0964 SymEvent - ok
16:19:10.0681 0964 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS
16:19:10.0684 0964 SymIRON - ok
16:19:10.0724 0964 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
16:19:10.0730 0964 SymNetS - ok
16:19:10.0792 0964 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:19:10.0811 0964 SynTP - ok
16:19:10.0875 0964 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
16:19:10.0898 0964 SysMain - ok
16:19:10.0926 0964 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:19:10.0944 0964 TabletInputService - ok
16:19:10.0968 0964 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
16:19:10.0974 0964 TapiSrv - ok
16:19:10.0994 0964 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
16:19:10.0997 0964 TBS - ok
16:19:11.0068 0964 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:19:11.0093 0964 Tcpip - ok
16:19:11.0158 0964 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:19:11.0173 0964 TCPIP6 - ok
16:19:11.0208 0964 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:19:11.0209 0964 tcpipreg - ok
16:19:11.0236 0964 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
16:19:11.0238 0964 tdcmdpst - ok
16:19:11.0264 0964 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:19:11.0266 0964 TDPIPE - ok
16:19:11.0293 0964 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:19:11.0294 0964 TDTCP - ok
16:19:11.0322 0964 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:19:11.0324 0964 tdx - ok
16:19:11.0347 0964 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:19:11.0348 0964 TermDD - ok
16:19:11.0395 0964 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
16:19:11.0406 0964 TermService - ok
16:19:11.0417 0964 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
16:19:11.0419 0964 Themes - ok
16:19:11.0454 0964 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
16:19:11.0456 0964 THREADORDER - ok
16:19:11.0513 0964 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:19:11.0515 0964 TMachInfo - ok
16:19:11.0554 0964 [ E386DD8EC68C67CA3E2A3ABDC1DF5C56 ] tmactmon C:\windows\system32\DRIVERS\tmactmon.sys
16:19:11.0556 0964 tmactmon - ok
16:19:11.0585 0964 [ AB011C569487FD65C8944DDF8CBB2572 ] tmcomm C:\windows\system32\DRIVERS\tmcomm.sys
16:19:11.0595 0964 tmcomm - ok
16:19:11.0621 0964 [ 8870A3D7305455B47ADCCD226F8E51BC ] tmevtmgr C:\windows\system32\DRIVERS\tmevtmgr.sys
16:19:11.0623 0964 tmevtmgr - ok
16:19:11.0644 0964 [ 065CB7D9278D778FB9EF62CEAD01433F ] tmtdi C:\windows\system32\DRIVERS\tmtdi.sys
16:19:11.0646 0964 tmtdi - ok
16:19:11.0669 0964 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
16:19:11.0672 0964 TODDSrv - ok
16:19:11.0758 0964 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:19:11.0765 0964 TosCoSrv - ok
16:19:11.0807 0964 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:19:11.0813 0964 TOSHIBA eco Utility Service - ok
16:19:11.0860 0964 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:19:11.0862 0964 TOSHIBA HDD SSD Alert Service - ok
16:19:11.0892 0964 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
16:19:11.0899 0964 tos_sps64 - ok
16:19:11.0943 0964 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:19:11.0954 0964 TPCHSrv - ok
16:19:12.0050 0964 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
16:19:12.0053 0964 TrkWks - ok
16:19:12.0113 0964 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:19:12.0117 0964 TrustedInstaller - ok
16:19:12.0153 0964 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:19:12.0155 0964 tssecsrv - ok
16:19:12.0181 0964 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:19:12.0182 0964 TsUsbFlt - ok
16:19:12.0206 0964 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
16:19:12.0208 0964 TsUsbGD - ok
16:19:12.0247 0964 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:19:12.0253 0964 tunnel - ok
16:19:12.0294 0964 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:19:12.0296 0964 TVALZ - ok
16:19:12.0322 0964 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
16:19:12.0323 0964 TVALZFL - ok
16:19:12.0343 0964 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
16:19:12.0345 0964 uagp35 - ok
16:19:12.0385 0964 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:19:12.0420 0964 udfs - ok
16:19:12.0458 0964 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:19:12.0461 0964 UI0Detect - ok
16:19:12.0468 0964 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:19:12.0470 0964 uliagpkx - ok
16:19:12.0502 0964 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:19:12.0505 0964 umbus - ok
16:19:12.0540 0964 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
16:19:12.0542 0964 UmPass - ok
16:19:12.0667 0964 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:19:12.0696 0964 UNS - ok
16:19:12.0727 0964 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
16:19:12.0733 0964 upnphost - ok
16:19:12.0780 0964 [ DD8064FF60ACB855552FF999CB6076CD ] USB28xxBGA C:\windows\system32\DRIVERS\emBDA64.sys
16:19:12.0791 0964 USB28xxBGA - ok
16:19:12.0846 0964 [ 19B65BEF83E549087633328C5EA338EE ] USB28xxOEM C:\windows\system32\DRIVERS\emOEM64.sys
16:19:12.0860 0964 USB28xxOEM - ok
16:19:12.0912 0964 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
16:19:12.0917 0964 usbaudio - ok
16:19:12.0956 0964 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:19:12.0959 0964 usbccgp - ok
16:19:12.0985 0964 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:19:12.0987 0964 usbcir - ok
16:19:13.0006 0964 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
16:19:13.0008 0964 usbehci - ok
16:19:13.0030 0964 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:19:13.0044 0964 usbhub - ok
16:19:13.0065 0964 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:19:13.0067 0964 usbohci - ok
16:19:13.0091 0964 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
16:19:13.0092 0964 usbprint - ok
16:19:13.0111 0964 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:19:13.0130 0964 USBSTOR - ok
16:19:13.0135 0964 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:19:13.0137 0964 usbuhci - ok
16:19:13.0175 0964 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
16:19:13.0179 0964 usbvideo - ok
16:19:13.0212 0964 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
16:19:13.0215 0964 UxSms - ok
16:19:13.0238 0964 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
16:19:13.0239 0964 VaultSvc - ok
16:19:13.0260 0964 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:19:13.0262 0964 vdrvroot - ok
16:19:13.0321 0964 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
16:19:13.0329 0964 vds - ok
16:19:13.0364 0964 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:19:13.0365 0964 vga - ok
16:19:13.0390 0964 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
16:19:13.0391 0964 VgaSave - ok
16:19:13.0398 0964 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:19:13.0413 0964 vhdmp - ok
16:19:13.0419 0964 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
16:19:13.0421 0964 viaide - ok
16:19:13.0440 0964 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:19:13.0453 0964 volmgr - ok
16:19:13.0484 0964 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:19:13.0489 0964 volmgrx - ok
16:19:13.0520 0964 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
16:19:13.0524 0964 volsnap - ok
16:19:13.0567 0964 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
16:19:13.0570 0964 vsmraid - ok
16:19:13.0633 0964 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
16:19:13.0655 0964 VSS - ok
16:19:13.0678 0964 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:19:13.0680 0964 vwifibus - ok
16:19:13.0708 0964 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:19:13.0709 0964 vwififlt - ok
16:19:13.0741 0964 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
16:19:13.0743 0964 vwifimp - ok
16:19:13.0768 0964 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
16:19:13.0774 0964 W32Time - ok
16:19:13.0796 0964 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
16:19:13.0798 0964 WacomPen - ok
16:19:13.0846 0964 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:19:13.0850 0964 WANARP - ok
16:19:13.0864 0964 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:19:13.0865 0964 Wanarpv6 - ok
16:19:15.0828 0964 ================ Scan global ===============================
16:19:15.0858 0964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:19:15.0884 0964 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
16:19:15.0892 0964 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
16:19:15.0915 0964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:19:15.0940 0964 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:19:15.0951 0964 [Global] - ok
16:19:15.0951 0964 ================ Scan MBR ==================================
16:19:15.0965 0964 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:19:15.0965 0964 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:19:16.0044 0964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:19:16.0044 0964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:19:16.0045 0964 ================ Scan VBR ==================================
16:19:16.0059 0964 [ EEBFFFE9D8094D6615FD4D9C9E467CDE ] \Device\Harddisk0\DR0\Partition1
16:19:16.0060 0964 \Device\Harddisk0\DR0\Partition1 - ok
16:19:16.0061 0964 ============================================================
16:19:16.0061 0964 Scan finished
16:19:16.0061 0964 ============================================================
16:19:16.0087 8708 Detected object count: 1
16:19:16.0087 8708 Actual detected object count: 1
16:19:40.0891 8708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
16:19:40.0891 8708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware
Join Date: May 2011
20-Apr-2013, 05:05 PM #7
Hi,

Go ahead and run TDSSKiller again and this time when you see \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) select Cure and then post the new log that is made.

mrepic13 (thread starter), Member with 10 posts
Join Date: Apr 2013
Experience: Beginner
20-Apr-2013, 06:03 PM #8
Ok, so I did that and it told me to reboot my computer. I did so. I did not see any change, so there must be something else. Here is the new log.

17:51:11.0299 9160 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:51:11.0940 9160 ============================================================
17:51:11.0940 9160 Current date / time: 2013/04/20 17:51:11.0940
17:51:11.0940 9160 SystemInfo:
17:51:11.0940 9160
17:51:11.0940 9160 OS Version: 6.1.7601 ServicePack: 1.0
17:51:11.0940 9160 Product type: Workstation
17:51:11.0940 9160 ComputerName: AUSTINS-LAPTOP
17:51:11.0941 9160 UserName: User
17:51:11.0941 9160 Windows directory: C:\windows
17:51:11.0941 9160 System windows directory: C:\windows
17:51:11.0941 9160 Running under WOW64
17:51:11.0941 9160 Processor architecture: Intel x64
17:51:11.0941 9160 Number of processors: 2
17:51:11.0941 9160 Page size: 0x1000
17:51:11.0941 9160 Boot type: Normal boot
17:51:11.0941 9160 ============================================================
17:51:12.0799 9160 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:51:12.0811 9160 ============================================================
17:51:12.0811 9160 \Device\Harddisk0\DR0:
17:51:12.0811 9160 MBR partitions:
17:51:12.0811 9160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2346E000
17:51:12.0811 9160 ============================================================
17:51:12.0850 9160 C: <-> \Device\Harddisk0\DR0\Partition1
17:51:12.0878 9160 ============================================================
17:51:12.0878 9160 Initialize success
17:51:12.0878 9160 ============================================================
17:51:14.0103 2948 ============================================================
17:51:14.0103 2948 Scan started
17:51:14.0103 2948 Mode: Manual;
17:51:14.0103 2948 ============================================================
17:51:15.0343 2948 ================ Scan system memory ========================
17:51:15.0343 2948 System memory - ok
17:51:15.0343 2948 ================ Scan services =============================
17:51:24.0929 2948 NativeWifiP - ok
17:51:25.0122 2948 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130420.003\ENG64.SYS
17:51:25.0124 2948 NAVENG - ok
17:51:25.0258 2948 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130420.003\EX64.SYS
17:51:25.0304 2948 NAVEX15 - ok
17:51:25.0361 2948 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
17:51:25.0372 2948 NDIS - ok
17:51:25.0393 2948 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:51:25.0394 2948 NdisCap - ok
17:51:25.0436 2948 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:51:25.0437 2948 NdisTapi - ok
17:51:25.0456 2948 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:51:25.0457 2948 Ndisuio - ok
17:51:25.0478 2948 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:51:25.0481 2948 NdisWan - ok
17:51:25.0498 2948 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:51:25.0499 2948 NDProxy - ok
17:51:25.0551 2948 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:51:25.0552 2948 NetBIOS - ok
17:51:25.0582 2948 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:51:25.0586 2948 NetBT - ok
17:51:25.0596 2948 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:51:25.0597 2948 Netlogon - ok
17:51:25.0689 2948 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:51:25.0721 2948 Netman - ok
17:51:25.0741 2948 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:51:25.0747 2948 netprofm - ok
17:51:25.0815 2948 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:51:25.0817 2948 NetTcpPortSharing - ok
17:51:25.0863 2948 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:51:25.0865 2948 nfrd960 - ok
17:51:25.0970 2948 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
17:51:25.0988 2948 NlaSvc - ok
17:51:26.0126 2948 Norton PC Checkup Application Launcher - ok
17:51:26.0141 2948 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:51:26.0143 2948 Npfs - ok
17:51:26.0172 2948 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:51:26.0174 2948 nsi - ok
17:51:26.0197 2948 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:51:26.0198 2948 nsiproxy - ok
17:51:26.0241 2948 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:51:26.0260 2948 Ntfs - ok
17:51:26.0274 2948 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:51:26.0275 2948 Null - ok
17:51:26.0303 2948 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:51:26.0307 2948 nvraid - ok
17:51:26.0329 2948 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:51:26.0332 2948 nvstor - ok
17:51:26.0339 2948 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:51:26.0341 2948 nv_agp - ok
17:51:26.0360 2948 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:51:26.0362 2948 ohci1394 - ok
17:51:26.0434 2948 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:51:26.0436 2948 ose - ok
17:51:26.0628 2948 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:51:26.0756 2948 osppsvc - ok
17:51:26.0802 2948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:51:26.0814 2948 p2pimsvc - ok
17:51:26.0854 2948 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:51:26.0861 2948 p2psvc - ok
17:51:26.0888 2948 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:51:26.0890 2948 Parport - ok
17:51:26.0922 2948 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:51:26.0923 2948 partmgr - ok
17:51:26.0947 2948 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:51:26.0951 2948 PcaSvc - ok
17:51:27.0016 2948 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
17:51:27.0018 2948 PCCUJobMgr - ok
17:51:27.0043 2948 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:51:27.0046 2948 pci - ok
17:51:27.0058 2948 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
17:51:27.0059 2948 pciide - ok
17:51:27.0081 2948 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:51:27.0084 2948 pcmcia - ok
17:51:27.0100 2948 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:51:27.0102 2948 pcw - ok
17:51:27.0123 2948 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:51:27.0131 2948 PEAUTH - ok
17:51:27.0235 2948 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:51:27.0237 2948 PerfHost - ok
17:51:27.0284 2948 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
17:51:27.0285 2948 PGEffect - ok
17:51:27.0331 2948 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:51:27.0348 2948 pla - ok
17:51:27.0392 2948 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:51:27.0398 2948 PlugPlay - ok
17:51:27.0407 2948 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:51:27.0409 2948 PNRPAutoReg - ok
17:51:27.0425 2948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:51:27.0427 2948 PNRPsvc - ok
17:51:27.0457 2948 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:51:27.0463 2948 PolicyAgent - ok
17:51:27.0493 2948 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
17:51:27.0496 2948 Power - ok
17:51:27.0532 2948 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:51:27.0546 2948 PptpMiniport - ok
17:51:27.0587 2948 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:51:27.0589 2948 Processor - ok
17:51:27.0632 2948 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:51:27.0636 2948 ProfSvc - ok
17:51:27.0651 2948 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:51:27.0652 2948 ProtectedStorage - ok
17:51:27.0684 2948 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:51:27.0687 2948 Psched - ok
17:51:27.0745 2948 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:51:27.0763 2948 ql2300 - ok
17:51:27.0768 2948 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:51:27.0770 2948 ql40xx - ok
17:51:27.0806 2948 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:51:27.0811 2948 QWAVE - ok
17:51:27.0834 2948 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:51:27.0836 2948 QWAVEdrv - ok
17:51:27.0853 2948 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:51:27.0854 2948 RasAcd - ok
17:51:27.0882 2948 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:51:27.0883 2948 RasAgileVpn - ok
17:51:27.0901 2948 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:51:27.0904 2948 RasAuto - ok
17:51:27.0932 2948 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:51:27.0934 2948 Rasl2tp - ok
17:51:27.0998 2948 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:51:28.0003 2948 RasMan - ok
17:51:28.0031 2948 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:51:28.0033 2948 RasPppoe - ok
17:51:28.0046 2948 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:51:28.0048 2948 RasSstp - ok
17:51:28.0065 2948 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:51:28.0069 2948 rdbss - ok
17:51:28.0095 2948 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:51:28.0096 2948 rdpbus - ok
17:51:28.0119 2948 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:51:28.0120 2948 RDPCDD - ok
17:51:28.0145 2948 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:51:28.0146 2948 RDPENCDD - ok
17:51:28.0155 2948 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:51:28.0156 2948 RDPREFMP - ok
17:51:28.0189 2948 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:51:28.0193 2948 RDPWD - ok
17:51:28.0236 2948 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:51:28.0240 2948 rdyboost - ok
17:51:28.0316 2948 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:51:28.0319 2948 RemoteAccess - ok
17:51:28.0351 2948 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:51:28.0355 2948 RemoteRegistry - ok
17:51:28.0449 2948 [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:51:28.0452 2948 RichVideo - ok
17:51:28.0465 2948 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:51:28.0468 2948 RpcEptMapper - ok
17:51:28.0498 2948 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:51:28.0500 2948 RpcLocator - ok
17:51:28.0533 2948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:51:28.0537 2948 RpcSs - ok
17:51:28.0601 2948 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:51:28.0603 2948 rspndr - ok
17:51:28.0633 2948 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
17:51:28.0637 2948 RSUSBSTOR - ok
17:51:28.0654 2948 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:51:28.0659 2948 RTL8167 - ok
17:51:28.0711 2948 [ E7D79600575F755614DD5D79B044D588 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
17:51:28.0724 2948 RTL8192Ce - ok
17:51:28.0740 2948 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:51:28.0741 2948 SamSs - ok
17:51:28.0765 2948 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:51:28.0767 2948 sbp2port - ok
17:51:28.0799 2948 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:51:28.0803 2948 SCardSvr - ok
17:51:28.0825 2948 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:51:28.0827 2948 scfilter - ok
17:51:28.0859 2948 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:51:28.0873 2948 Schedule - ok
17:51:28.0901 2948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:51:28.0901 2948 SCPolicySvc - ok
17:51:28.0930 2948 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:51:28.0933 2948 SDRSVC - ok
17:51:28.0964 2948 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:51:28.0966 2948 secdrv - ok
17:51:28.0974 2948 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:51:28.0976 2948 seclogon - ok
17:51:29.0010 2948 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:51:29.0013 2948 SENS - ok
17:51:29.0021 2948 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:51:29.0023 2948 SensrSvc - ok
17:51:29.0037 2948 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:51:29.0038 2948 Serenum - ok
17:51:29.0075 2948 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:51:29.0086 2948 Serial - ok
17:51:29.0110 2948 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:51:29.0111 2948 sermouse - ok
17:51:29.0138 2948 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:51:29.0141 2948 SessionEnv - ok
17:51:29.0145 2948 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:51:29.0146 2948 sffdisk - ok
17:51:29.0149 2948 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:51:29.0150 2948 sffp_mmc - ok
17:51:29.0154 2948 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:51:29.0155 2948 sffp_sd - ok
17:51:29.0167 2948 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:51:29.0168 2948 sfloppy - ok
17:51:29.0194 2948 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:51:29.0199 2948 ShellHWDetection - ok
17:51:29.0244 2948 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:51:29.0246 2948 SiSRaid2 - ok
17:51:29.0250 2948 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:51:29.0252 2948 SiSRaid4 - ok
17:51:29.0335 2948 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:51:29.0338 2948 SkypeUpdate - ok
17:51:29.0371 2948 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:51:29.0372 2948 Smb - ok
17:51:29.0421 2948 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:51:29.0423 2948 SNMPTRAP - ok
17:51:29.0431 2948 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:51:29.0433 2948 spldr - ok
17:51:29.0457 2948 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
17:51:29.0465 2948 Spooler - ok
17:51:29.0540 2948 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:51:29.0621 2948 sppsvc - ok
17:51:29.0642 2948 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:51:29.0645 2948 sppuinotify - ok
17:51:29.0751 2948 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\windows\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
17:51:29.0761 2948 SRTSP - ok
17:51:29.0770 2948 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
17:51:29.0772 2948 SRTSPX - ok
17:51:29.0802 2948 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:51:29.0808 2948 srv - ok
17:51:29.0828 2948 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:51:29.0833 2948 srv2 - ok
17:51:29.0851 2948 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:51:29.0854 2948 srvnet - ok
17:51:29.0893 2948 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:51:29.0896 2948 SSDPSRV - ok
17:51:29.0913 2948 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:51:29.0916 2948 SstpSvc - ok
17:51:29.0990 2948 Steam Client Service - ok
17:51:30.0008 2948 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:51:30.0009 2948 stexstor - ok
17:51:30.0069 2948 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:51:30.0077 2948 stisvc - ok
17:51:30.0097 2948 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:51:30.0098 2948 swenum - ok
17:51:30.0127 2948 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:51:30.0134 2948 swprv - ok
17:51:30.0197 2948 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
17:51:30.0203 2948 SymDS - ok
17:51:30.0256 2948 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
17:51:30.0269 2948 SymEFA - ok
17:51:30.0308 2948 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
17:51:30.0310 2948 SymEvent - ok
17:51:30.0372 2948 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS
17:51:30.0375 2948 SymIRON - ok
17:51:30.0414 2948 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
17:51:30.0420 2948 SymNetS - ok
17:51:30.0483 2948 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:51:30.0499 2948 SynTP - ok
17:51:30.0553 2948 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:51:30.0573 2948 SysMain - ok
17:51:30.0585 2948 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:51:30.0588 2948 TabletInputService - ok
17:51:30.0614 2948 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:51:30.0625 2948 TapiSrv - ok
17:51:30.0651 2948 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:51:30.0654 2948 TBS - ok
17:51:30.0723 2948 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:51:30.0745 2948 Tcpip - ok
17:51:30.0801 2948 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:51:30.0813 2948 TCPIP6 - ok
17:51:30.0843 2948 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:51:30.0844 2948 tcpipreg - ok
17:51:30.0860 2948 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
17:51:30.0861 2948 tdcmdpst - ok
17:51:30.0877 2948 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:51:30.0878 2948 TDPIPE - ok
17:51:30.0906 2948 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:51:30.0907 2948 TDTCP - ok
17:51:30.0935 2948 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:51:30.0937 2948 tdx - ok
17:51:30.0949 2948 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:51:30.0951 2948 TermDD - ok
17:51:30.0986 2948 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:51:30.0994 2948 TermService - ok
17:51:31.0008 2948 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:51:31.0010 2948 Themes - ok
17:51:31.0034 2948 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:51:31.0035 2948 THREADORDER - ok
17:51:31.0093 2948 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:51:31.0094 2948 TMachInfo - ok
17:51:31.0134 2948 [ E386DD8EC68C67CA3E2A3ABDC1DF5C56 ] tmactmon C:\windows\system32\DRIVERS\tmactmon.sys
17:51:31.0136 2948 tmactmon - ok
17:51:31.0165 2948 [ AB011C569487FD65C8944DDF8CBB2572 ] tmcomm C:\windows\system32\DRIVERS\tmcomm.sys
17:51:31.0168 2948 tmcomm - ok
17:51:31.0178 2948 [ 8870A3D7305455B47ADCCD226F8E51BC ] tmevtmgr C:\windows\system32\DRIVERS\tmevtmgr.sys
17:51:31.0180 2948 tmevtmgr - ok
17:51:31.0212 2948 [ 065CB7D9278D778FB9EF62CEAD01433F ] tmtdi C:\windows\system32\DRIVERS\tmtdi.sys
17:51:31.0214 2948 tmtdi - ok
17:51:31.0237 2948 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
17:51:31.0241 2948 TODDSrv - ok
17:51:31.0326 2948 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:51:31.0333 2948 TosCoSrv - ok
17:51:31.0375 2948 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:51:31.0379 2948 TOSHIBA eco Utility Service - ok
17:51:31.0417 2948 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:51:31.0419 2948 TOSHIBA HDD SSD Alert Service - ok
17:51:31.0449 2948 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
17:51:31.0456 2948 tos_sps64 - ok
17:51:31.0500 2948 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:51:31.0509 2948 TPCHSrv - ok
17:51:31.0530 2948 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:51:31.0533 2948 TrkWks - ok
17:51:31.0581 2948 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:51:31.0584 2948 TrustedInstaller - ok
17:51:31.0611 2948 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:51:31.0612 2948 tssecsrv - ok
17:51:31.0627 2948 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:51:31.0645 2948 TsUsbFlt - ok
17:51:31.0675 2948 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:51:31.0676 2948 TsUsbGD - ok
17:51:31.0708 2948 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:51:31.0711 2948 tunnel - ok
17:51:31.0752 2948 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:51:31.0753 2948 TVALZ - ok
17:51:31.0790 2948 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
17:51:31.0795 2948 TVALZFL - ok
17:51:31.0812 2948 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:51:31.0813 2948 uagp35 - ok
17:51:31.0889 2948 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:51:31.0894 2948 udfs - ok
17:51:31.0971 2948 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:51:31.0974 2948 UI0Detect - ok
17:51:32.0011 2948 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:51:32.0013 2948 uliagpkx - ok
17:51:32.0059 2948 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:51:32.0060 2948 umbus - ok
17:51:32.0079 2948 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:51:32.0080 2948 UmPass - ok
17:51:32.0201 2948 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:51:32.0230 2948 UNS - ok
17:51:32.0262 2948 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:51:32.0268 2948 upnphost - ok
17:51:32.0326 2948 [ DD8064FF60ACB855552FF999CB6076CD ] USB28xxBGA C:\windows\system32\DRIVERS\emBDA64.sys
17:51:32.0334 2948 USB28xxBGA - ok
17:51:32.0391 2948 [ 19B65BEF83E549087633328C5EA338EE ] USB28xxOEM C:\windows\system32\DRIVERS\emOEM64.sys
17:51:32.0405 2948 USB28xxOEM - ok
17:51:32.0469 2948 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
17:51:32.0471 2948 usbaudio - ok
17:51:32.0503 2948 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:51:32.0506 2948 usbccgp - ok
17:51:32.0529 2948 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:51:32.0531 2948 usbcir - ok
17:51:32.0553 2948 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:51:32.0554 2948 usbehci - ok
17:51:32.0587 2948 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:51:32.0592 2948 usbhub - ok
17:51:32.0611 2948 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:51:32.0612 2948 usbohci - ok
17:51:32.0626 2948 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
17:51:32.0627 2948 usbprint - ok
17:51:32.0657 2948 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:51:32.0668 2948 USBSTOR - ok
17:51:32.0702 2948 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:51:32.0703 2948 usbuhci - ok
17:51:32.0743 2948 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:51:32.0746 2948 usbvideo - ok
17:51:32.0769 2948 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:51:32.0772 2948 UxSms - ok
17:51:32.0784 2948 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:51:32.0786 2948 VaultSvc - ok
17:51:32.0806 2948 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:51:32.0808 2948 vdrvroot - ok
17:51:32.0823 2948 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:51:32.0830 2948 vds - ok
17:51:32.0866 2948 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:51:32.0867 2948 vga - ok
17:51:32.0881 2948 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:51:32.0882 2948 VgaSave - ok
17:51:32.0888 2948 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:51:32.0891 2948 vhdmp - ok
17:51:32.0915 2948 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
17:51:32.0917 2948 viaide - ok
17:51:32.0942 2948 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:51:32.0943 2948 volmgr - ok
17:51:32.0974 2948 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:51:32.0979 2948 volmgrx - ok
17:51:32.0997 2948 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
17:51:33.0001 2948 volsnap - ok
17:51:33.0045 2948 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
17:51:33.0047 2948 vsmraid - ok
17:51:33.0103 2948 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
17:51:33.0122 2948 VSS - ok
17:51:33.0136 2948 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:51:33.0137 2948 vwifibus - ok
17:51:33.0165 2948 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:51:33.0167 2948 vwififlt - ok
17:51:33.0199 2948 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:51:33.0207 2948 vwifimp - ok
17:51:33.0225 2948 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
17:51:33.0231 2948 W32Time - ok
17:51:33.0242 2948 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
17:51:33.0244 2948 WacomPen - ok
17:51:33.0292 2948 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:51:33.0294 2948 WANARP - ok
17:51:33.0297 2948 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:51:33.0298 2948 Wanarpv6 - ok
17:51:33.0347 2948 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:51:33.0362 2948 WatAdminSvc - ok
17:51:33.0421 2948 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
17:51:33.0439 2948 wbengine - ok
17:51:33.0485 2948 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:51:33.0489 2948 WbioSrvc - ok
17:51:33.0506 2948 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
17:51:33.0512 2948 wcncsvc - ok
17:51:33.0529 2948 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:51:33.0531 2948 WcsPlugInService - ok
17:51:33.0560 2948 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
17:51:33.0561 2948 Wd - ok
17:51:33.0592 2948 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:51:33.0600 2948 Wdf01000 - ok
17:51:33.0610 2948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:51:33.0613 2948 WdiServiceHost - ok
17:51:33.0618 2948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:51:33.0620 2948 WdiSystemHost - ok
17:51:33.0656 2948 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
17:51:33.0660 2948 WebClient - ok
17:51:33.0709 2948 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:51:33.0720 2948 Wecsvc - ok
17:51:33.0752 2948 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:51:33.0754 2948 wercplsupport - ok
17:51:33.0775 2948 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
17:51:33.0778 2948 WerSvc - ok
17:51:33.0801 2948 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:51:33.0803 2948 WfpLwf - ok
17:51:33.0837 2948 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:51:33.0838 2948 WIMMount - ok
17:51:33.0843 2948 WinHttpAutoProxySvc - ok
17:51:33.0904 2948 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:51:33.0907 2948 Winmgmt - ok
17:51:33.0994 2948 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
17:51:34.0019 2948 WinRM - ok
17:51:34.0187 2948 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
17:51:34.0199 2948 Wlansvc - ok
17:51:34.0261 2948 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:51:34.0263 2948 wlcrasvc - ok
17:51:34.0409 2948 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:51:34.0434 2948 wlidsvc - ok
17:51:34.0463 2948 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
17:51:34.0465 2948 WmiAcpi - ok
17:51:34.0496 2948 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:51:34.0499 2948 wmiApSrv - ok
17:51:34.0525 2948 WMPNetworkSvc - ok
17:51:34.0565 2948 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:51:34.0567 2948 WPCSvc - ok
17:51:34.0586 2948 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:51:34.0589 2948 WPDBusEnum - ok
17:51:34.0612 2948 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:51:34.0614 2948 ws2ifsl - ok
17:51:34.0650 2948 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
17:51:34.0652 2948 WSDPrintDevice - ok
17:51:34.0655 2948 WSearch - ok
17:51:34.0671 2948 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:51:34.0673 2948 WudfPf - ok
17:51:34.0720 2948 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:51:34.0723 2948 WUDFRd - ok
17:51:34.0749 2948 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:51:34.0752 2948 wudfsvc - ok
17:51:34.0773 2948 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
17:51:34.0777 2948 WwanSvc - ok
17:51:34.0925 2948 X6va005 - ok
17:51:34.0962 2948 X6va007 - ok
17:51:35.0053 2948 X6va008 - ok
17:51:35.0074 2948 ================ Scan global ===============================
17:51:35.0104 2948 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:51:35.0130 2948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
17:51:35.0138 2948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
17:51:35.0161 2948 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:51:35.0175 2948 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:51:35.0180 2948 [Global] - ok
17:51:35.0181 2948 ================ Scan MBR ==================================
17:51:35.0189 2948 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:51:35.0189 2948 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:51:35.0261 2948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:51:35.0261 2948 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:51:35.0263 2948 ================ Scan VBR ==================================
17:51:35.0294 2948 [ EEBFFFE9D8094D6615FD4D9C9E467CDE ] \Device\Harddisk0\DR0\Partition1
17:51:35.0295 2948 \Device\Harddisk0\DR0\Partition1 - ok
17:51:35.0298 2948 ============================================================
17:51:35.0298 2948 Scan finished
17:51:35.0298 2948 ============================================================
17:51:35.0309 8528 Detected object count: 1
17:51:35.0309 8528 Actual detected object count: 1
17:51:39.0070 8528 \Device\Harddisk0\DR0\# - copied to quarantine
17:51:39.0072 8528 \Device\Harddisk0\DR0 - copied to quarantine
17:51:39.0258 8528 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:51:39.0263 8528 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:51:39.0270 8528 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:51:39.0278 8528 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:51:39.0300 8528 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:51:39.0313 8528 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:51:39.0314 8528 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:51:39.0316 8528 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:51:39.0319 8528 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:51:39.0323 8528 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:51:39.0327 8528 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:51:39.0348 8528 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:51:39.0369 8528 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:51:39.0371 8528 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:51:39.0410 8528 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:51:39.0493 8528 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:51:39.0535 8528 \Device\Harddisk0\DR0 - ok
17:51:40.0124 8528 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:52:43.0030 7912 Deinitialize success
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
20-Apr-2013, 07:13 PM #9
Great job...you did just fine!

ComboFix

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
mrepic13 mrepic13 is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Apr 2013
Experience: Beginner
20-Apr-2013, 11:55 PM #10
Combofix says that it is deleting a file but nothing is happening after that. It has been doing this for at least 3 hours and I don't know what to do.
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
21-Apr-2013, 07:32 PM #11
3 hours? Go ahead and reboot your system and run ComboFix again. Post the log if one is created please.
mrepic13 mrepic13 is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Apr 2013
Experience: Beginner
23-Apr-2013, 04:24 PM #12
Here is the log. I let it sit while I was at school. Restarted my laptop, and was able to get the internet working. Here it is:

ComboFix 13-04-20.02 - User 04/23/2013 7:12.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.3996 [GMT -5:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Trend Micro Titanium 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Trend Micro Titanium 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
.
.
2013-04-23 12:33 . 2013-04-23 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 12:33 . 2013-04-23 12:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-23 12:12 . 2013-04-23 12:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-04-23 01:57 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-04-23 01:57 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-23 01:57 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-23 01:57 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-22 21:16 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-04-22 21:16 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-04-22 21:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-04-22 21:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-04-22 21:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-04-22 21:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-04-22 21:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-04-22 21:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-04-22 21:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-04-22 21:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-04-22 21:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-04-22 21:10 . 2013-04-22 21:10 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-22 21:10 . 2013-04-22 21:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-22 04:43 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-04-22 04:42 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-04-22 04:41 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-04-22 04:40 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-04-22 04:27 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-22 04:27 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2013-04-22 04:27 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2013-04-22 04:27 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-04-22 04:27 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2013-04-22 04:27 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-22 04:27 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-04-22 04:27 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-04-20 22:51 . 2013-04-20 22:51 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-17 21:16 . 2013-04-17 21:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-17 21:15 . 2013-04-04 10:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 01:13 . 2013-04-16 01:14 -------- d-----w- c:\windows\system32\drivers\N360x64\1403010.016
2013-04-14 05:38 . 2013-04-23 04:31 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft
2013-04-13 20:36 . 2013-04-13 20:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-12 04:19 . 2013-04-12 04:19 110080 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconF7A21AF7.exe
2013-04-12 04:19 . 2013-04-12 04:19 110080 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconD7F16134.exe
2013-04-12 04:19 . 2013-04-12 04:19 110080 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\Icon1226A4C5.exe
2013-04-12 04:19 . 2013-04-12 04:25 -------- d-----w- C:\sh4ldr
2013-04-12 04:19 . 2013-04-12 04:19 -------- d-----w- c:\program files\Enigma Software Group
2013-04-12 04:17 . 2013-04-12 04:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-12 04:13 . 2013-04-12 04:13 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2013-04-10 04:12 . 2013-04-10 04:12 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-04-10 04:12 . 2013-04-10 04:12 -------- d-----w- c:\programdata\Malwarebytes
2013-04-10 04:12 . 2013-04-10 04:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-10 04:12 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 04:37 . 2012-04-01 15:38 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 04:37 . 2011-07-27 03:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 00:58 . 2011-11-17 20:27 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-09 05:40 . 2012-05-06 16:02 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-09 05:40 . 2011-12-26 18:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-21 23:45 . 2013-02-21 19:29 8107 ----a-w- c:\windows\w7dsd.reg
2013-02-21 23:45 . 2013-02-21 19:29 8089 ----a-w- c:\windows\w7dse.reg
2013-02-21 19:13 . 2013-02-21 18:56 275360 ----a-w- c:\windows\system32\DreamScene.dll
2013-02-21 18:56 . 2013-02-21 18:56 275360 ----a-w- c:\windows\system32\DreamScene.dll.10105
2013-02-12 05:45 . 2013-04-22 04:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-22 04:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-22 04:41 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-22 04:41 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-22 04:41 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-22 04:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-31 09:50 . 2013-01-31 09:50 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys
2013-01-31 03:18 . 2013-03-07 04:57 432800 ----a-w- c:\windows\system32\drivers\N360x64\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-03-07 04:57 1139800 ----a-w- c:\windows\system32\drivers\N360x64\1403000.024\symefa64.sys
2013-01-29 01:45 . 2013-03-07 04:57 796248 ----a-w- c:\windows\system32\drivers\N360x64\1403000.024\srtsp64.sys
2013-01-29 01:45 . 2013-03-07 04:57 36952 ----a-w- c:\windows\system32\drivers\N360x64\1403000.024\srtspx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-04-19 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Wallpaper Changer"="c:\program files (x86)\Wallpaper Changer\Wallpaper Changer.exe" [2013-01-23 1882624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 21:26 3218864 ----a-w- c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DLPortIO;DriverLINX Port I/O Driver; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-11-29 38016]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
R3 X6va005;X6va005;c:\users\User\AppData\Local\Temp\005A25E.tmp [x]
R3 X6va007;X6va007;c:\users\User\AppData\Local\Temp\007101E.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-28 14456]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130420.001\IDSvia64.sys [2012-12-19 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-08-11 70928]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-28 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-19 138912]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-02 1103464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-08-02 204048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-09-20 1300672]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dkkeeu9d.default\
FF - ExtSQL: 2013-04-09 23:27; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-04-11 20:25; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-04-13 15:37; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{66F57190-01EB-45A6-8260-7895267209F7} - c:\program files (x86)\visualbee\visualbee\1.8.9.1\bh\visualbee.dll
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Toolbar-{610AF794-9293-4129-9FAF-A81BBDFBFA14} - c:\program files (x86)\visualbee\visualbee\1.8.9.1\visualbeeTlbr.dll
Wow6432Node-HKLM-Run-SMessaging - c:\users\User\AppData\Local\Strongvault Online Backup\SMessaging.exe
SafeBoot-31390200.sys
MSConfigStartUp-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-LEGO Creator - c:\program files\Lego Media\Constructive\CREATOR\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\005A25E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\007101E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6e,a9,d0,e8,5b,72,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-04-23 16:12:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-23 21:12
.
Pre-Run: 70,010,077,184 bytes free
Post-Run: 73,913,380,864 bytes free
.
- - End Of File - - 7EEF19978DAFDA4866D4C8395AE3CFD9
mrepic13
Member with 10 posts.
THREAD STARTER
Join Date: Apr 2013
Experience: Beginner
23-Apr-2013, 06:49 PM #13
All problems seem to be gone. Thanks for all of your help in solving my problems.
jeffce (Jeff) is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
Join Date: May 2011
24-Apr-2013, 05:22 PM #14
Are you sure you are happy with your system? Do you want to continue with the check or not?
mrepic13
Member with 10 posts.
THREAD STARTER
Join Date: Apr 2013
Experience: Beginner
24-Apr-2013, 09:03 PM #15
So you are saying that there could still be something on my computer??? Well, if so, then of course I would! I do not want this happening again. And thank you for helping me with my issue.
Tags
malware, spyware, svchost.exe, virus
