Virus on PC

[briguy350]

so i have a toshiba laptop windows 7 64bit. ive been having this issue for a couple of months now and none of my anti-viruses remove it. i cant open up windows microsoft essentials so ive tried super-antispyware , spybot , melwarebytes and norton. when i go online i can type in the address bar whatever site i want to go to and it will go. but if i go to google or yahoo or anything and do a search, it will show me the results but as soon as i click to go to a site it redirects me to advertising and phishing sites. ive tried i.e. , mozilla and chrome and all do the same thing. when i go into the registry editor and go to HKEY_CURRENT_USER the first tab says null and under that it has about 100 entries that say random stuff like (9sd8sfihhhe-ereelekjrlk8754h-48o4jhojf) . is this my problem? can i just delete these? what do these mean? HELP!! i tried to do a screen shot picture but i cant get it to work. any advice would be greatly appreciated!

 

[johnb35]

Please do the following exactly.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

2.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

Once you post the logs I'll look at them and give you your next steps to do.

 

[briguy350]

i found all this on another thread you helped somebody else with and ive done all the following and am in the progress of the malwarebytes scan. the tdsskiller and it found nothing so i proceded to the malwarebytes. so far it detected 1 threat but still running.

 

[briguy350]

this was tdsskiller log

20:10:47.0650 5564 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:10:48.0618 5564 ============================================================
20:10:48.0618 5564 Current date / time: 2012/01/06 20:10:48.0618
20:10:48.0618 5564 SystemInfo:
20:10:48.0618 5564
20:10:48.0618 5564 OS Version: 6.1.7600 ServicePack: 0.0
20:10:48.0618 5564 Product type: Workstation
20:10:48.0618 5564 ComputerName: BRIANPC
20:10:48.0618 5564 UserName: Brian
20:10:48.0618 5564 Windows directory: C:\Windows
20:10:48.0618 5564 System windows directory: C:\Windows
20:10:48.0618 5564 Running under WOW64
20:10:48.0618 5564 Processor architecture: Intel x64
20:10:48.0618 5564 Number of processors: 2
20:10:48.0618 5564 Page size: 0x1000
20:10:48.0618 5564 Boot type: Normal boot
20:10:48.0618 5564 ============================================================
20:10:51.0644 5564 Initialize success
20:10:54.0374 6032 ============================================================
20:10:54.0374 6032 Scan started
20:10:54.0374 6032 Mode: Manual;
20:10:54.0374 6032 ============================================================
20:10:56.0527 6032 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:10:56.0558 6032 1394ohci - ok
20:10:56.0667 6032 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:10:56.0667 6032 ACPI - ok
20:10:56.0730 6032 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:10:56.0745 6032 AcpiPmi - ok
20:10:56.0886 6032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:10:56.0886 6032 adp94xx - ok
20:10:57.0026 6032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:10:57.0057 6032 adpahci - ok
20:10:57.0120 6032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:10:57.0120 6032 adpu320 - ok
20:10:57.0276 6032 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
20:10:57.0323 6032 AFD - ok
20:10:57.0541 6032 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
20:10:57.0572 6032 AgereSoftModem - ok
20:10:57.0650 6032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:10:57.0681 6032 agp440 - ok
20:10:57.0744 6032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:10:57.0759 6032 aliide - ok
20:10:57.0791 6032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:10:57.0806 6032 amdide - ok
20:10:57.0853 6032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:10:57.0869 6032 AmdK8 - ok
20:10:57.0884 6032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:10:57.0900 6032 AmdPPM - ok
20:10:57.0993 6032 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:10:58.0009 6032 amdsata - ok
20:10:58.0118 6032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:10:58.0149 6032 amdsbs - ok
20:10:58.0181 6032 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:10:58.0212 6032 amdxata - ok
20:10:58.0321 6032 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:10:58.0352 6032 AppID - ok
20:10:58.0493 6032 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:10:58.0508 6032 arc - ok
20:10:58.0555 6032 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:10:58.0586 6032 arcsas - ok
20:10:58.0633 6032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:10:58.0649 6032 AsyncMac - ok
20:10:58.0727 6032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:10:58.0727 6032 atapi - ok
20:10:58.0883 6032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:10:58.0898 6032 b06bdrv - ok
20:10:59.0023 6032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:10:59.0039 6032 b57nd60a - ok
20:10:59.0132 6032 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:10:59.0148 6032 Beep - ok
20:10:59.0725 6032 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys
20:10:59.0725 6032 BHDrvx64 - ok
20:11:00.0006 6032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:11:00.0006 6032 blbdrive - ok
20:11:00.0271 6032 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:11:00.0318 6032 bowser - ok
20:11:00.0396 6032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:11:00.0411 6032 BrFiltLo - ok
20:11:00.0443 6032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:11:00.0458 6032 BrFiltUp - ok
20:11:00.0583 6032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:11:00.0599 6032 Brserid - ok
20:11:00.0630 6032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:00.0645 6032 BrSerWdm - ok
20:11:00.0692 6032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:00.0708 6032 BrUsbMdm - ok
20:11:00.0723 6032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:00.0755 6032 BrUsbSer - ok
20:11:00.0848 6032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:11:00.0864 6032 BTHMODEM - ok
20:11:00.0926 6032 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:11:00.0926 6032 cdfs - ok
20:11:01.0020 6032 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:11:01.0020 6032 cdrom - ok
20:11:01.0129 6032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:11:01.0145 6032 circlass - ok
20:11:01.0223 6032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:11:01.0223 6032 CLFS - ok
20:11:01.0457 6032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:01.0457 6032 CmBatt - ok
20:11:01.0503 6032 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:11:01.0503 6032 cmdide - ok
20:11:01.0597 6032 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
20:11:01.0613 6032 CNG - ok
20:11:01.0691 6032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:11:01.0706 6032 Compbatt - ok
20:11:01.0753 6032 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:11:01.0769 6032 CompositeBus - ok
20:11:01.0815 6032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:11:01.0815 6032 crcdisk - ok
20:11:01.0971 6032 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:11:02.0003 6032 DfsC - ok
20:11:02.0034 6032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:11:02.0049 6032 discache - ok
20:11:02.0112 6032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:11:02.0112 6032 Disk - ok
20:11:02.0159 6032 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:11:02.0174 6032 drmkaud - ok
20:11:02.0252 6032 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:11:02.0283 6032 DXGKrnl - ok
20:11:02.0471 6032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:11:02.0673 6032 ebdrv - ok
20:11:02.0814 6032 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:11:02.0861 6032 eeCtrl - ok
20:11:03.0017 6032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:11:03.0032 6032 elxstor - ok
20:11:03.0157 6032 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:11:03.0188 6032 EraserUtilRebootDrv - ok
20:11:03.0313 6032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:11:03.0313 6032 ErrDev - ok
20:11:03.0422 6032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:11:03.0422 6032 exfat - ok
20:11:03.0485 6032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:11:03.0485 6032 fastfat - ok
20:11:03.0531 6032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:11:03.0531 6032 fdc - ok
20:11:03.0563 6032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:11:03.0563 6032 FileInfo - ok
20:11:03.0594 6032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:11:03.0609 6032 Filetrace - ok
20:11:03.0625 6032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:03.0656 6032 flpydisk - ok
20:11:03.0703 6032 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:11:03.0703 6032 FltMgr - ok
20:11:03.0750 6032 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:11:03.0750 6032 FsDepends - ok
20:11:03.0765 6032 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:11:03.0765 6032 Fs_Rec - ok
20:11:03.0828 6032 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:11:03.0843 6032 fvevol - ok
20:11:03.0906 6032 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
20:11:03.0906 6032 FwLnk - ok
20:11:03.0953 6032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:11:03.0953 6032 gagp30kx - ok
20:11:04.0015 6032 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:04.0031 6032 GEARAspiWDM - ok
20:11:04.0093 6032 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
20:11:04.0109 6032 GIDv2 - ok
20:11:04.0218 6032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:11:04.0218 6032 hcw85cir - ok
20:11:04.0280 6032 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:11:04.0296 6032 HdAudAddService - ok
20:11:04.0327 6032 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:11:04.0327 6032 HDAudBus - ok
20:11:04.0358 6032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:11:04.0358 6032 HidBatt - ok
20:11:04.0405 6032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:11:04.0421 6032 HidBth - ok
20:11:04.0436 6032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:11:04.0436 6032 HidIr - ok
20:11:04.0514 6032 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:11:04.0530 6032 HidUsb - ok
20:11:04.0623 6032 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:11:04.0655 6032 HpSAMD - ok
20:11:04.0733 6032 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:11:04.0764 6032 HTTP - ok
20:11:04.0779 6032 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:11:04.0795 6032 hwpolicy - ok
20:11:04.0873 6032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:11:04.0873 6032 i8042prt - ok
20:11:04.0920 6032 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:11:04.0951 6032 iaStorV - ok
20:11:05.0185 6032 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120105.001\IDSvia64.sys
20:11:05.0185 6032 IDSVia64 - ok
20:11:05.0715 6032 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:11:05.0949 6032 igfx - ok
20:11:06.0121 6032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:11:06.0137 6032 iirsp - ok
20:11:06.0277 6032 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
20:11:06.0293 6032 IntcHdmiAddService - ok
20:11:06.0324 6032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:11:06.0324 6032 intelide - ok
20:11:06.0386 6032 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:11:06.0386 6032 intelppm - ok
20:11:06.0449 6032 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:06.0480 6032 IpFilterDriver - ok
20:11:06.0511 6032 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:11:06.0511 6032 IPMIDRV - ok
20:11:06.0542 6032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:11:06.0542 6032 IPNAT - ok
20:11:06.0620 6032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:11:06.0620 6032 IRENUM - ok
20:11:06.0667 6032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:11:06.0667 6032 isapnp - ok
20:11:06.0714 6032 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:11:06.0714 6032 iScsiPrt - ok
20:11:06.0745 6032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:11:06.0761 6032 kbdclass - ok
20:11:06.0807 6032 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:11:06.0823 6032 kbdhid - ok
20:11:06.0854 6032 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:11:06.0870 6032 KSecDD - ok
20:11:06.0917 6032 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:11:06.0917 6032 KSecPkg - ok
20:11:06.0963 6032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:11:06.0979 6032 ksthunk - ok
20:11:07.0088 6032 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:11:07.0104 6032 lltdio - ok
20:11:07.0197 6032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:11:07.0197 6032 LSI_FC - ok
20:11:07.0275 6032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:11:07.0275 6032 LSI_SAS - ok
20:11:07.0353 6032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:11:07.0353 6032 LSI_SAS2 - ok
20:11:07.0447 6032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:11:07.0447 6032 LSI_SCSI - ok
20:11:07.0541 6032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:11:07.0556 6032 luafv - ok
20:11:07.0743 6032 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:11:07.0775 6032 MBAMProtector - ok
20:11:08.0118 6032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:11:08.0133 6032 megasas - ok
20:11:08.0180 6032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:11:08.0196 6032 MegaSR - ok
20:11:08.0258 6032 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:11:08.0258 6032 Modem - ok
20:11:08.0321 6032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:11:08.0321 6032 monitor - ok
20:11:08.0383 6032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:11:08.0414 6032 mouclass - ok
20:11:08.0508 6032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:11:08.0523 6032 mouhid - ok
20:11:08.0555 6032 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:11:08.0570 6032 mountmgr - ok
20:11:08.0664 6032 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:11:08.0695 6032 MpFilter - ok
20:11:08.0742 6032 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:11:08.0742 6032 mpio - ok
20:11:08.0835 6032 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:11:08.0867 6032 MpNWMon - ok
20:11:08.0913 6032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:11:08.0929 6032 mpsdrv - ok
20:11:08.0960 6032 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:11:08.0960 6032 MRxDAV - ok
20:11:09.0054 6032 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:09.0069 6032 mrxsmb - ok
20:11:09.0194 6032 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:09.0241 6032 mrxsmb10 - ok
20:11:09.0335 6032 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:09.0366 6032 mrxsmb20 - ok
20:11:09.0428 6032 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:11:09.0459 6032 msahci - ok
20:11:09.0522 6032 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:11:09.0537 6032 msdsm - ok
20:11:09.0584 6032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:11:09.0600 6032 Msfs - ok
20:11:09.0631 6032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:11:09.0647 6032 mshidkmdf - ok
20:11:09.0709 6032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:11:09.0725 6032 msisadrv - ok
20:11:09.0803 6032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:11:09.0818 6032 MSKSSRV - ok
20:11:10.0037 6032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:10.0068 6032 MSPCLOCK - ok
20:11:10.0099 6032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:11:10.0115 6032 MSPQM - ok
20:11:10.0208 6032 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:11:10.0224 6032 MsRPC - ok
20:11:10.0302 6032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:11:10.0302 6032 mssmbios - ok
20:11:10.0364 6032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:11:10.0380 6032 MSTEE - ok
20:11:10.0395 6032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:11:10.0411 6032 MTConfig - ok
20:11:10.0473 6032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:11:10.0489 6032 Mup - ok
20:11:10.0692 6032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:11:10.0707 6032 NativeWifiP - ok
20:11:11.0191 6032 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120105.021\ENG64.SYS
20:11:11.0191 6032 NAVENG - ok
20:11:11.0659 6032 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120105.021\EX64.SYS
20:11:11.0737 6032 NAVEX15 - ok
20:11:12.0361 6032 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:11:12.0377 6032 NDIS - ok
20:11:12.0704 6032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:12.0720 6032 NdisCap - ok
20:11:12.0907 6032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:12.0907 6032 NdisTapi - ok
20:11:12.0954 6032 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:12.0954 6032 Ndisuio - ok
20:11:12.0969 6032 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:12.0969 6032 NdisWan - ok
20:11:13.0016 6032 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:11:13.0016 6032 NDProxy - ok
20:11:13.0079 6032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:11:13.0094 6032 NetBIOS - ok
20:11:13.0141 6032 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:11:13.0157 6032 NetBT - ok
20:11:13.0874 6032 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:11:14.0420 6032 NETw5s64 - ok
20:11:15.0481 6032 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:11:15.0684 6032 netw5v64 - ok
20:11:16.0043 6032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:11:16.0074 6032 nfrd960 - ok
20:11:16.0214 6032 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:11:16.0261 6032 NisDrv - ok
20:11:16.0417 6032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:11:16.0433 6032 Npfs - ok
20:11:16.0464 6032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:11:16.0479 6032 nsiproxy - ok
20:11:16.0745 6032 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:11:16.0838 6032 Ntfs - ok
20:11:17.0135 6032 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:11:17.0150 6032 Null - ok
20:11:17.0197 6032 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:11:17.0213 6032 nvraid - ok
20:11:17.0306 6032 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:11:17.0353 6032 nvstor - ok
20:11:17.0431 6032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:11:17.0447 6032 nv_agp - ok
20:11:17.0509 6032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:11:17.0525 6032 ohci1394 - ok
20:11:17.0587 6032 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:11:17.0603 6032 Parport - ok
20:11:17.0634 6032 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:11:17.0649 6032 partmgr - ok
20:11:17.0743 6032 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:11:17.0759 6032 pci - ok
20:11:17.0790 6032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:11:17.0790 6032 pciide - ok
20:11:17.0868 6032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:11:17.0899 6032 pcmcia - ok
20:11:17.0930 6032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:11:17.0946 6032 pcw - ok
20:11:18.0055 6032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:11:18.0102 6032 PEAUTH - ok
20:11:18.0211 6032 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
20:11:18.0211 6032 PGEffect - ok
20:11:18.0336 6032 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:11:18.0351 6032 PptpMiniport - ok
20:11:18.0523 6032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:11:18.0523 6032 Processor - ok
20:11:18.0648 6032 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:11:18.0679 6032 Psched - ok
20:11:19.0178 6032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:11:19.0209 6032 ql2300 - ok
20:11:19.0272 6032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:11:19.0287 6032 ql40xx - ok
20:11:19.0350 6032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:11:19.0365 6032 QWAVEdrv - ok
20:11:19.0397 6032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:11:19.0412 6032 RasAcd - ok
20:11:19.0506 6032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:19.0521 6032 RasAgileVpn - ok
20:11:19.0553 6032 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:19.0693 6032 Rasl2tp - ok
20:11:19.0740 6032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:19.0740 6032 RasPppoe - ok
20:11:19.0771 6032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:11:19.0802 6032 RasSstp - ok
20:11:19.0880 6032 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:11:19.0880 6032 rdbss - ok
20:11:19.0943 6032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:11:19.0943 6032 rdpbus - ok
20:11:19.0974 6032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:11:19.0989 6032 RDPCDD - ok
20:11:20.0052 6032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:11:20.0067 6032 RDPENCDD - ok
20:11:20.0145 6032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:11:20.0145 6032 RDPREFMP - ok
20:11:20.0192 6032 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:11:20.0208 6032 RDPWD - ok
20:11:20.0286 6032 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:11:20.0301 6032 rdyboost - ok
20:11:20.0426 6032 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
20:11:20.0457 6032 rimspci - ok
20:11:20.0567 6032 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
20:11:20.0598 6032 rixdpcie - ok
20:11:20.0723 6032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:11:20.0754 6032 rspndr - ok
20:11:20.0879 6032 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:11:20.0879 6032 RTL8167 - ok
20:11:20.0988 6032 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
20:11:21.0035 6032 RTL8169 - ok
20:11:21.0222 6032 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:11:21.0253 6032 SASDIFSV - ok
20:11:21.0315 6032 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:11:21.0347 6032 SASKUTIL - ok
20:11:21.0565 6032 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:11:21.0565 6032 sbp2port - ok
20:11:21.0674 6032 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:11:21.0690 6032 scfilter - ok
20:11:21.0799 6032 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
20:11:21.0815 6032 sdbus - ok
20:11:21.0846 6032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:11:21.0877 6032 secdrv - ok
20:11:21.0939 6032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:11:21.0955 6032 Serenum - ok
20:11:22.0064 6032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:11:22.0064 6032 Serial - ok
20:11:22.0142 6032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:11:22.0142 6032 sermouse - ok
20:11:22.0205 6032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:11:22.0205 6032 sffdisk - ok
20:11:22.0267 6032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:11:22.0283 6032 sffp_mmc - ok
20:11:22.0361 6032 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:11:22.0361 6032 sffp_sd - ok
20:11:22.0392 6032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:11:22.0407 6032 sfloppy - ok
20:11:22.0485 6032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:11:22.0501 6032 SiSRaid2 - ok
20:11:22.0563 6032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:11:22.0579 6032 SiSRaid4 - ok
20:11:22.0657 6032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:11:22.0673 6032 Smb - ok
20:11:22.0735 6032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:11:22.0751 6032 spldr - ok
20:11:22.0969 6032 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
20:11:23.0000 6032 SRTSP - ok
20:11:23.0078 6032 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
20:11:23.0125 6032 SRTSPX - ok
20:11:23.0234 6032 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:11:23.0281 6032 srv - ok
20:11:23.0390 6032 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:11:23.0468 6032 srv2 - ok
20:11:23.0593 6032 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:11:23.0609 6032 srvnet - ok
20:11:23.0718 6032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:11:23.0733 6032 stexstor - ok
20:11:23.0827 6032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:11:23.0843 6032 swenum - ok
20:11:24.0108 6032 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
20:11:24.0170 6032 SymDS - ok
20:11:24.0435 6032 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
20:11:24.0482 6032 SymEFA - ok
20:11:24.0591 6032 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:11:24.0623 6032 SymEvent - ok
20:11:24.0763 6032 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
20:11:24.0763 6032 SymIRON - ok
20:11:24.0825 6032 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
20:11:24.0872 6032 SymNetS - ok
20:11:25.0044 6032 SynTP (6de6d25cc1d1cb694a1cc3e4604db644) C:\Windows\system32\DRIVERS\SynTP.sys
20:11:25.0106 6032 SynTP - ok
20:11:25.0340 6032 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:11:25.0418 6032 Tcpip - ok
20:11:25.0995 6032 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:11:26.0011 6032 TCPIP6 - ok
20:11:26.0105 6032 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:11:26.0120 6032 tcpipreg - ok
20:11:26.0183 6032 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:11:26.0198 6032 tdcmdpst - ok
20:11:26.0214 6032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:11:26.0245 6032 TDPIPE - ok
20:11:26.0261 6032 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:11:26.0261 6032 TDTCP - ok
20:11:26.0339 6032 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:11:26.0354 6032 tdx - ok
20:11:26.0401 6032 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:11:26.0417 6032 TermDD - ok
20:11:26.0495 6032 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\Windows\system32\DRIVERS\thpdrv.sys
20:11:26.0495 6032 Thpdrv - ok
20:11:26.0541 6032 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
20:11:26.0557 6032 Thpevm - ok
20:11:26.0807 6032 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
20:11:26.0822 6032 tos_sps64 - ok
20:11:26.0869 6032 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:11:26.0885 6032 tssecsrv - ok
20:11:26.0916 6032 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:11:26.0931 6032 tunnel - ok
20:11:27.0025 6032 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:11:27.0025 6032 TVALZ - ok
20:11:27.0072 6032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:11:27.0072 6032 uagp35 - ok
20:11:27.0119 6032 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:11:27.0134 6032 udfs - ok
20:11:27.0181 6032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:11:27.0197 6032 uliagpkx - ok
20:11:27.0259 6032 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:11:27.0290 6032 umbus - ok
20:11:27.0368 6032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:11:27.0384 6032 UmPass - ok
20:11:27.0493 6032 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
20:11:27.0509 6032 USBAAPL64 - ok
20:11:27.0555 6032 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:11:27.0587 6032 usbccgp - ok
20:11:27.0665 6032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:11:27.0665 6032 usbcir - ok
20:11:27.0743 6032 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
20:11:27.0758 6032 usbehci - ok
20:11:27.0836 6032 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:11:27.0961 6032 usbhub - ok
20:11:28.0164 6032 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
20:11:28.0195 6032 usbohci - ok
20:11:28.0273 6032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:11:28.0289 6032 usbprint - ok
20:11:28.0367 6032 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:11:28.0398 6032 USBSTOR - ok
20:11:28.0429 6032 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:11:28.0445 6032 usbuhci - ok
20:11:28.0569 6032 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
20:11:28.0569 6032 usbvideo - ok
20:11:28.0663 6032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:11:28.0679 6032 vdrvroot - ok
20:11:28.0725 6032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:11:28.0741 6032 vga - ok
20:11:28.0803 6032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:11:28.0803 6032 VgaSave - ok
20:11:28.0881 6032 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:11:28.0881 6032 vhdmp - ok
20:11:28.0944 6032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:11:28.0959 6032 viaide - ok
20:11:28.0991 6032 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:11:29.0006 6032 volmgr - ok
20:11:29.0069 6032 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:11:29.0084 6032 volmgrx - ok
20:11:29.0162 6032 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:11:29.0193 6032 volsnap - ok
20:11:29.0287 6032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:11:29.0303 6032 vsmraid - ok
20:11:29.0334 6032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:11:29.0349 6032 vwifibus - ok
20:11:29.0381 6032 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:11:29.0396 6032 vwififlt - ok
20:11:29.0443 6032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:11:29.0459 6032 WacomPen - ok
20:11:29.0552 6032 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:29.0568 6032 WANARP - ok
20:11:29.0599 6032 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:29.0599 6032 Wanarpv6 - ok
20:11:29.0724 6032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:11:29.0739 6032 Wd - ok
20:11:29.0833 6032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:11:29.0864 6032 Wdf01000 - ok
20:11:29.0958 6032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:11:29.0958 6032 WfpLwf - ok
20:11:30.0005 6032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:11:30.0020 6032 WIMMount - ok
20:11:30.0161 6032 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:11:30.0176 6032 WinUsb - ok
20:11:30.0239 6032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:11:30.0254 6032 WmiAcpi - ok
20:11:30.0317 6032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:11:30.0332 6032 ws2ifsl - ok
20:11:30.0379 6032 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:11:30.0395 6032 WudfPf - ok
20:11:30.0519 6032 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:30.0535 6032 WUDFRd - ok
20:11:30.0566 6032 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:11:30.0644 6032 \Device\Harddisk0\DR0 - ok
20:11:30.0660 6032 Boot (0x1200) (d3784512bb4b347ce6de2737692d98ae) \Device\Harddisk0\DR0\Partition0
20:11:30.0660 6032 \Device\Harddisk0\DR0\Partition0 - ok
20:11:30.0660 6032 ============================================================
20:11:30.0660 6032 Scan finished
20:11:30.0660 6032 ============================================================
20:11:30.0675 3248 Detected object count: 0
20:11:30.0675 3248 Actual detected object count: 0

 

[briguy350]

this was from the malwarebytes. detected 6 things.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Brian :: BRIANPC [limited]

Protection: Enabled

1/6/2012 6:32:25 PM
mbam-log-2012-01-06 (18-32-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413080
Time elapsed: 2 hour(s), 2 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:18810 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Brian\Downloads\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

(end)

 

[johnb35]

Waiting for the hijackthis log now.

 

[briguy350]

alright let me go back to other thread and keep following.

 

[briguy350]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:54 PM, on 1/6/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfactiv_eg_self_main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfactiv_eg_self_main
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12725 bytes

 

[johnb35]

I don't see anything standing out in your log. Are you still having issues with your system? If so, we can run a different program.

 

[briguy350]

seems to be able to do searches and go to the correct page about %50 of time, other's still getting redirected. seems like its almost there.i never rebooted, should i try that?

 

[johnb35]

If its still redirecting do this. Make sure you disable your Norton antivirus first before running.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  Combofix
  
  
• When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
• Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
  
  
  
• We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
  
  
• Close all open Windows including this one.
  
• Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
  Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  
• Please click on I agree on the disclaimer window.
• ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
  
  
  
  
  
• ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
  
  
  
  
  
• Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
  
  
  
  
  
• At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  
• Please click on yes in the next window to continue scanning for malware.
  
• ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  
• ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  
• While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
  
  
  
  
  
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  
• When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  
• Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
  

In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running

 

[briguy350]

keep getting installation cannot complete. disabled norton and nothing else is running. get error download

 

[johnb35]

Try booting to safe mode and running it.

 

[briguy350]

shit still error. double checked everythings disabled.

 

[johnb35]

Ok, at this point, try doing a system restore back to a day before you were infected. Then you still need to scan your system with malwarebytes. Let me know how it goes. We may be able to run combofix at that point.

 

[CrazyHV8000]

You might want to try Avast! antivirus www.avast.com. After you installing, running boot-time scan. It is same happened to me and my friend.

 

[briguy350]

Sorry was gone a couple days. I couldn't do a system restore it was locked on me that was the first thing I tried to do. I uninstalled my norton and downloaded the avast and did the boot scan and it found errors. One was a win32 something but I think that was it. Now I'm able to do google searches again and everything seems to be running smooth again. I want to thank you guys so much! This was my first visit here and you guys help me fix my problem and I really thank you for your help! I will continue to use this site for help and I've also been doing a lot of research on here and it's help me a lot.

 

[CrazyHV8000]

Sorry was gone a couple days. I couldn't do a system restore it was locked on me that was the first thing I tried to do. I uninstalled my norton and downloaded the avast and did the boot scan and it found errors. One was a win32 something but I think that was it. Now I'm able to do google searches again and everything seems to be running smooth again. I want to thank you guys so much! This was my first visit here and you guys help me fix my problem and I really thank you for your help! I will continue to use this site for help and I've also been doing a lot of research on here and it's help me a lot.

No problem. You know computer talk to me