Inactive I think I have a virus

Havingphun

So last summer I got a virus on my laptop. I got rid of it by pressing the required button at start-up that reinstalled Windows Vista and reset my laptop to factory settings. But now I have another. First of all, I can't reset my PC the way I did before; it just beeps loudly. I'm pressing the right button too!

The virus I have now makes it so I cannot go to any website. I can connect to the internet, but every website and search I try to access just comes up with a white screen and says it's loading. But even after an hour of waiting it still does not load. I use Opera as a browser. What used to happen is every website I clicked on would come up with some ad site called abnow. All I had to do was copy the link of the website into the search box and it would bring me directly to the website.

But now no websites will load. I have also had this problem where just about every program I install gives this error when I try to use it: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item." I am the only person who uses my laptop and I am the administrator, so I should have permission to use it. I also looked at the permissions of the files and I had permission to use them. Most programs that do this are ones that I install from disks. None of the affected programs had this problem until these past couple of months. I had to uninstall all of my antivirus software and now I can't install any more. I can't download any. Norton requires me to activate through the internet. Malwarebytes now gives that error above.

But there is this folder that I found in C:\Program Files\. I have no idea what it is and I have no idea where it came from. It's called RelevantKnowledge. It has a file in it with no name and no file type. Its size is 105 KB. If I try to delete it, nothing happens. If I try to delete RelevantKnowledge, the folder it's in, I get this error: "Error 0x80070091: This directory is not empty."

I don't see how that is a good reason not to delete it. I have deleted directories that are not empty before. Can someone help me? These are my PC's specs:

CPU: AMD Turion Dual - Core RM - 70 2.00 GHz
RAM: 3.00 GB
OS: Windows Vista Home Premium, 32 bit, Service Pack 1
Model: HP G60 Notebook PC
GPU: NVIDIA GeForce 8200M G

Please help. Thanks in advance.
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Ok, thank you. I'm downloading Malwarebytes now. That's probably the most I can download because I only have access to dial-up now. 2.00 KB/sec downloads. I'll keep updating.
 
Ok, so I installed Malwarebytes and it worked at first. The active protection found and quarantined two files labeled as rootkit.noaccess. That would explain my PC telling me this error on a lot of programs: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item." But after this it just got worse. When I started the quick scan, MBAM ran for about 30 seconds, then it acted as if it minimized. Its icon was still in the tray on the bottom right of the screen. But Malwarebytes did not do anything. When I tried to run Malwarebytes again it gave me the error above. So somehow the virus got to it when it ran the scan. The only time that Malwarebytes was found by the virus was when it tried to scan for the viruses. Later I tried to run a new install of Malwarebytes in safe mode. The virus still got to it. After several more tries my screen flashed white and my laptop turned off. I turned it back on and was looking at options other than safe mode and my computer did the same thing.

I was about to try again when I noticed my laptop was extremely hot in one spot. I noticed that it is the spot where my hard drive is located. So I turned it off and stopped for the night. Now I'm gonna try to install and update Malwarebytes on my uninfected PC and then move it to my other one. Also, I tried to run GMER but the virus caught it. The virus also would not let me move, rename, or delete GMER after it caught it. So I made a new copy of GMER under a different name and ran it in safe mode. After the first scan it did not make the log correctly, so I ran another scan and then my computer crashed. That's how it crashed the first time.

Is there any way that I can stop the virus from disabling Malwarebytes? Would updating it do that?
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Log from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by New 2 at 14:30:45 on 2012-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1961 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\2017564883:744996487.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
uRun: [Cracked Steam Service] "c:\program files\steam\Cracked Steam.exe" /SERVICE
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\relevantknowledge\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
dRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
dRun: [GameBooster.exe] c:\program files\iobit\game booster\GameBooster.exe
dRun: [HKCU] c:\windows\system32\install\winchk.exe
dRun: [AOL Fast Start] "c:\program files\aol 9.0a\AOL.EXE" -b
dRunOnce: [Shockwave Updater] c:\windows\system32\macromed\shockw~1\SWHELP~1.EXE -Update -1020023 -svchost.exe6.0
dExplorerRun: [Policies] c:\windows\system32\install\winchk.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172} : NameServer = 205.188.146.145
TCP: Interfaces\{7480D921-6286-496C-B2AC-6C2385A6918D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9DABAAE7-1F5F-4D23-9AB3-D0703079E615} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2} : NameServer = 205.188.146.145
AppInit_DLLs:
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {74DH87MJ-35VS-3DAK-2I56-GIK58IRFVC08} - c:\windows\system32\install\winchk.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-11 16184]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-8-26 29808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2012-4-5 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2012-4-5 666672]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20100810.004\BHDrvx86.sys [2012-4-5 692272]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20100706.002\IDSVix86.sys [2012-4-5 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2012-4-5 134704]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2012-4-5 331312]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-4-5 913752]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-11-20 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2012-4-21 1201640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-24 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-25 40776]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-23 123496]
S2 AntUpdaterService;Ant Toolbar updater service;"c:\program files\ant.com\ie add-on\antupdaterservice.exe" --> c:\program files\ant.com\ie add-on\AntUpdaterService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-7-11 821080]
S2 MBAMService;MBAMService;c:\program files\relevantknowledge\mbamservice.exe [2012-5-24 654408]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2012-4-5 126904]
S2 PCKeeperService;PCKeeper Worker Service;c:\program files\zeobit\pckeeper\ZeoService.exe [2011-8-10 0]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-8-26 4048240]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
S3 fileHiders;fileHiders;c:\windows\system32\drivers\fileHiders.sys [2011-8-10 27928]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-7-11 18768]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-7-11 30600]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-7-11 19280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZeoScanner;ZeoScanner;c:\windows\system32\drivers\zeoscanner.sys [2011-8-10 23832]
.
=============== Created Last 30 ================
.
2012-05-25 20:45:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-25 20:32:09 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-25 06:29:20 -------- d-----w- c:\program files\NotMalwareBots
2012-05-25 05:57:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 05:44:41 -------- d-----w- c:\users\new 2\appdata\roaming\Malwarebytes
2012-05-25 05:44:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 23:43:25 -------- d-----w- c:\program files\Sierra
.
==================== Find3M ====================
.
2012-05-25 20:16:52 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-04-05 14:55:29 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-04-05 12:37:27 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-08 17:55:05 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
2009-03-16 21:36:16 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 21:35:46 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 21:35:34 94024 ----a-w- c:\program files\DSETUP.dll
.
============= FINISH: 14:34:22.83 ===============
 
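The DDS log above is the kind of artifact a helper reads by eye for a handful of indicators. The script below is an added example (not part of this thread, and not a feature of DDS itself) that runs those same checks over a constructed excerpt of the log posted above: a colon inside the last component of a path in the process list (`C:\Windows\2017564883:744996487.exe`), which in NTFS terms names an alternate data stream rather than an ordinary file; `EnableLUA = 0`, meaning UAC is switched off; a statically configured NameServer that differs from the one DHCP handed out (this is only a "go and verify" flag; a static resolver can be perfectly legitimate); an mASetup CLSID that is not a valid GUID because it contains non-hex characters; and one binary launched from several autostart locations at once. The check names and the grouping helper are this example's own, and the excerpt is a hand-picked subset of the lines already on the page.

```python
"""Triage checks over the 'Running Processes' and 'Pseudo HJT Report'
sections of a DDS log. Added example for this thread, not DDS code."""
import re
from collections import defaultdict

# Constructed excerpt of the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\2017564883:744996487.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
============== Pseudo HJT Report ===============
uRun: [Cracked Steam Service] "c:\program files\steam\Cracked Steam.exe" /SERVICE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\relevantknowledge\mbamgui.exe" /starttray
dRun: [HKCU] c:\windows\system32\install\winchk.exe
dExplorerRun: [Policies] c:\windows\system32\install\winchk.exe
mPolicies-system: EnableLUA = 0 (0x0)
TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172} : NameServer = 205.188.146.145
TCP: Interfaces\{7480D921-6286-496C-B2AC-6C2385A6918D} : DhcpNameServer = 192.168.1.254
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {74DH87MJ-35VS-3DAK-2I56-GIK58IRFVC08} - c:\windows\system32\install\winchk.exe
============= SERVICES / DRIVERS ===============
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# A colon inside the final path component names an NTFS alternate data stream.
ADS_PATH = re.compile(r"^[A-Za-z]:\\(?:[^\\:]+\\)*[^\\:]+:[^\\:]+$")
# DDS autostart prefixes: uRun/mRun/dRun, *RunOnce, dExplorerRun, mASetup.
AUTOSTART = re.compile(r"^(?P<key>[umd](?:Explorer)?Run(?:Once)?|mASetup):\s*(?P<rest>.*)$")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\s][^"]*?\.(?:exe|dll|cmd|bat)\b', re.IGNORECASE)
CLSID = re.compile(r"\{([^}]*)\}")
VALID_GUID = re.compile(r"[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}")
NAMESERVER = re.compile(r"\b(Dhcp)?NameServer = (.+)$")


def analyze_dds(text):
    """Return a list of (check, detail) findings for one DDS log."""
    findings = []
    section = None
    refs = defaultdict(list)           # lowercased binary path -> autostart keys launching it
    static_dns, dhcp_dns = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "running processes":
            if ADS_PATH.match(line):
                findings.append(("ads_process", line))
            continue
        if section != "pseudo hjt report":
            continue
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("uac_disabled", line))
            continue
        m = NAMESERVER.search(line)
        if m:
            target = dhcp_dns if m.group(1) else static_dns
            target.update(ip.strip() for ip in m.group(2).split(","))
            continue
        m = AUTOSTART.match(line)
        if not m:
            continue
        key, rest = m.group("key"), m.group("rest")
        if key == "mASetup":
            c = CLSID.match(rest)
            if c and not VALID_GUID.fullmatch(c.group(1)):
                findings.append(("malformed_clsid", line))
        p = EXE_PATH.search(rest)
        if p:
            refs[p.group(0).lower()].append(key)
    # Static resolvers that DHCP did not hand out: verify, do not assume malicious.
    for ip in sorted(static_dns - dhcp_dns):
        findings.append(("static_dns_differs", ip))
    # One binary wired into several autostart locations is worth a look.
    for path, keys in refs.items():
        if len(keys) > 1:
            findings.append(("shared_autostart_binary", f"{path} <- {', '.join(keys)}"))
    return findings


def findings_by_check(text):
    """Group analyze_dds() output by check name for easy reporting."""
    grouped = defaultdict(list)
    for check, detail in analyze_dds(text):
        grouped[check].append(detail)
    return dict(grouped)


if __name__ == "__main__":
    for check, details in findings_by_check(SAMPLE_DDS).items():
        for d in details:
            print(f"{check:25s} {d}")
```

Run against the full log rather than the excerpt, the same checks fire on the same five items; none of them is a verdict on its own, which is why a helper still asks for the TDSSKiller and GMER output before acting.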
Attach Log From DDS:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/20/2010 7:06:56 PM
System Uptime: 5/25/2012 1:16:22 PM (1 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Turion Dual-Core RM-70 | Socket A | 1000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 27.87 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.478 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP316: 4/21/2012 5:29:16 PM - Installed DirectX
RP317: 4/23/2012 4:10:06 PM - Scheduled Checkpoint
RP319: 4/23/2012 9:19:14 PM - Installed DirectX
RP320: 4/24/2012 4:29:12 PM - Scheduled Checkpoint
RP321: 4/25/2012 4:50:29 PM - Scheduled Checkpoint
RP322: 4/29/2012 5:41:24 AM - Scheduled Checkpoint
RP323: 5/3/2012 1:58:17 PM - Scheduled Checkpoint
RP324: 5/7/2012 2:33:57 PM - Scheduled Checkpoint
RP325: 5/8/2012 11:48:49 AM - Scheduled Checkpoint
RP326: 5/9/2012 12:07:17 PM - Scheduled Checkpoint
RP327: 5/10/2012 3:20:28 PM - Scheduled Checkpoint
RP328: 5/11/2012 12:42:15 PM - Scheduled Checkpoint
RP329: 5/24/2012 7:49:13 PM - Scheduled Checkpoint
RP330: 5/25/2012 2:12:52 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
18 Wheels of Steel: American Long Haul
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Advanced SystemCare 5
AIM 7
Algodoo v1.8.5
Algodoo v2.0.2 b1
AOL Mail and AIM Gadget
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Atheros Driver Installation Program
Battlefield Vietnam(TM)
BitTorrent
Blender (remove only)
Blender NIF Scripts (remove only)
Borderlands
Caesar IV
Call of Duty: Modern Warfare 2 - Multiplayer
Cards_Calendar_OrderGift_DoMorePlugout
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CMake 2.8, a cross-platform, open-source build system
CodeBlocks
Command & Conquer 3
Command & Conquer The First Decade
Command & Conquer™ Red Alert™ 3
Company of Heroes - FAKEMSI
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cracked Steam
CyberLink DVD Suite
CyberLink YouCam
Download Updater (AOL LLC)
Dragon UnPACKer 5
EasyBCD 2.0
ESU for Microsoft Vista
Fraps
FreeArc 0.666
Game Booster 3
GlassFish Server Open Source Edition 3.1
Google Chrome
Google Update Helper
Havij 1.14 Free
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
HOTLLAMA Media Player
How to make Modifications for Games in general 1.001
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
IObit Malware Fighter
ISO Recorder
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 26
John Deere American Builder Deluxe
John Deere American Farmer Deluxe
LabelPrint
LightScribe System Software 1.12.33.2
Limewire Plus+ 1.0.1.8082
Liquid War 6 0.0.10beta
Malwarebytes Anti-Malware version 1.61.0.1400
MediaGet2 version 2.1.494.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio Platform Tools
MMDS 0.02
Mobile Broadband Generic Drivers
Morrowind
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.1
My HP Games
MySQL Connector/ODBC 3.51
NetBeans IDE 7.0
NetWaiting
Nexus Mod Manager
Norton Internet Security
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Opera 11.62
Paint.NET v3.5.6
PCKeeper
Plants vs. Zombies
Power2Go
PowerDirector
PowerISO
PSSWCORE
PyFFI 2.1.11
Python 2.6.6
Python 2.7.2
Qt SDK
Quick Web Player
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek USB 2.0 Card Reader
Red Faction Guerrilla
RTC Client API v1.2
SanDiskSecureAccess_Manager.exe
Sid Meier's Civilization 4
Sid Meier's Civilization V - Demo
Silent Hunter Wolves of the Pacific
Sins of a Solar Empire
Smart Defrag 2
SpeedBit Video Downloader
SPORE™
Spy Sweeper
Spy Sweeper Core
Steam
Synaptics Pointing Device Driver
System Requirements Lab CYRI
TES Construction Set
THE SETTLERS - Rise of an Empire
Update for Office 2007 (KB934528)
uTorrentBar Toolbar
Ventrilo Client
Verizon Wireless MiFi-2200 Firmware Updates
VideoToolkit01
Viewpoint Media Player
Virtual Villagers - The Lost Children (remove only)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WinRAR archiver
YouTube Downloader 3.3
.
==== End Of File ===========================
 
Part 1 of Log From TDSSKiller:

14:42:56.0523 2076 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
14:42:56.0601 2076 ============================================================
14:42:56.0601 2076 Current date / time: 2012/05/25 14:42:56.0601
14:42:56.0601 2076 SystemInfo:
14:42:56.0601 2076
14:42:56.0601 2076 OS Version: 6.0.6001 ServicePack: 1.0
14:42:56.0601 2076 Product type: Workstation
14:42:56.0601 2076 ComputerName: LUKEMONEY-PC
14:42:56.0601 2076 UserName: New 2
14:42:56.0601 2076 Windows directory: C:\Windows
14:42:56.0601 2076 System windows directory: C:\Windows
14:42:56.0601 2076 Processor architecture: Intel x86
14:42:56.0601 2076 Number of processors: 2
14:42:56.0601 2076 Page size: 0x1000
14:42:56.0601 2076 Boot type: Normal boot
14:42:56.0601 2076 ============================================================
14:42:58.0707 2076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:42:58.0722 2076 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:42:58.0722 2076 ============================================================
14:42:58.0722 2076 \Device\Harddisk0\DR0:
14:42:58.0722 2076 MBR partitions:
14:42:58.0722 2076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BE0E7C1
14:42:58.0722 2076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BE0E800, BlocksNum 0x13B5800
14:42:58.0722 2076 \Device\Harddisk1\DR1:
14:42:58.0722 2076 MBR partitions:
14:42:58.0722 2076 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
14:42:58.0722 2076 ============================================================
14:42:58.0753 2076 C: <-> \Device\Harddisk0\DR0\Partition0
14:42:58.0800 2076 D: <-> \Device\Harddisk0\DR0\Partition1
14:42:58.0800 2076 ============================================================
14:42:58.0800 2076 Initialize success
14:42:58.0800 2076 ============================================================
14:45:00.0589 4072 ============================================================
14:45:00.0589 4072 Scan started
14:45:00.0589 4072 Mode: Manual;
14:45:00.0589 4072 ============================================================
14:45:01.0619 4072 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:45:01.0635 4072 ACPI - ok
14:45:01.0697 4072 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:45:01.0697 4072 adp94xx - ok
14:45:01.0744 4072 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:45:01.0759 4072 adpahci - ok
14:45:01.0791 4072 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:45:01.0791 4072 adpu160m - ok
14:45:01.0822 4072 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:45:01.0822 4072 adpu320 - ok
14:45:02.0134 4072 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
14:45:02.0181 4072 AdvancedSystemCareService5 - ok
14:45:02.0243 4072 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:45:02.0243 4072 AeLookupSvc - ok
14:45:02.0352 4072 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
14:45:02.0368 4072 AFD - ok
14:45:02.0399 4072 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:45:02.0399 4072 agp440 - ok
14:45:02.0446 4072 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:45:02.0461 4072 aic78xx - ok
14:45:02.0477 4072 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:45:02.0493 4072 ALG - ok
14:45:02.0508 4072 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:45:02.0508 4072 aliide - ok
14:45:02.0524 4072 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:45:02.0539 4072 amdagp - ok
14:45:02.0555 4072 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:45:02.0555 4072 amdide - ok
14:45:02.0586 4072 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:45:02.0586 4072 AmdK7 - ok
14:45:02.0617 4072 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
14:45:02.0617 4072 AmdK8 - ok
14:45:02.0711 4072 AntUpdaterService - ok
14:45:02.0867 4072 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
14:45:02.0867 4072 AOL ACS - ok
14:45:02.0929 4072 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:45:02.0929 4072 Appinfo - ok
14:45:03.0007 4072 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:45:03.0007 4072 arc - ok
14:45:03.0039 4072 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:45:03.0039 4072 arcsas - ok
14:45:03.0195 4072 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:45:03.0195 4072 aspnet_state - ok
14:45:03.0226 4072 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:45:03.0226 4072 AsyncMac - ok
14:45:03.0257 4072 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
14:45:03.0257 4072 atapi - ok
14:45:03.0491 4072 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
14:45:03.0522 4072 athr - ok
14:45:03.0616 4072 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
14:45:03.0631 4072 atksgt - ok
14:45:03.0725 4072 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
14:45:03.0741 4072 AudioEndpointBuilder - ok
14:45:03.0756 4072 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
14:45:03.0772 4072 Audiosrv - ok
14:45:03.0897 4072 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:45:03.0928 4072 BCM43XV - ok
14:45:03.0959 4072 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:45:03.0959 4072 Beep - ok
14:45:04.0037 4072 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
14:45:04.0037 4072 BFE - ok
14:45:04.0536 4072 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
14:45:04.0599 4072 BHDrvx86 - ok
14:45:04.0911 4072 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
14:45:04.0942 4072 BITS - ok
14:45:05.0004 4072 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:45:05.0004 4072 blbdrive - ok
14:45:05.0051 4072 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
14:45:05.0051 4072 bowser - ok
14:45:05.0067 4072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:45:05.0067 4072 BrFiltLo - ok
14:45:05.0082 4072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:45:05.0082 4072 BrFiltUp - ok
14:45:05.0145 4072 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:45:05.0145 4072 Browser - ok
14:45:05.0176 4072 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:45:05.0191 4072 Brserid - ok
14:45:05.0191 4072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:45:05.0207 4072 BrSerWdm - ok
14:45:05.0207 4072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:45:05.0223 4072 BrUsbMdm - ok
14:45:05.0238 4072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:45:05.0238 4072 BrUsbSer - ok
14:45:05.0254 4072 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:45:05.0269 4072 BTHMODEM - ok
14:45:05.0301 4072 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:45:05.0301 4072 cdfs - ok
14:45:05.0332 4072 cdrom (7563722c65f25d0da64a9b990877cf0f) C:\Windows\system32\DRIVERS\cdrom.sys
14:45:05.0347 4072 cdrom ( Virus.Win32.ZAccess.g ) - infected
14:45:05.0347 4072 cdrom - detected Virus.Win32.ZAccess.g (0)
14:45:05.0379 4072 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
14:45:05.0379 4072 CertPropSvc - ok
14:45:05.0425 4072 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:45:05.0425 4072 circlass - ok
14:45:05.0488 4072 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
14:45:05.0488 4072 CLFS - ok
14:45:05.0581 4072 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:45:05.0581 4072 clr_optimization_v2.0.50727_32 - ok
14:45:05.0691 4072 clr_optimization_v4.0.30319_32 (31a71c94c8dd415b1c6a90bee470f727) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:45:05.0691 4072 clr_optimization_v4.0.30319_32 - ok
14:45:05.0753 4072 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:45:05.0753 4072 CmBatt - ok
14:45:05.0769 4072 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:45:05.0769 4072 cmdide - ok
14:45:05.0862 4072 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
14:45:05.0878 4072 CnxtHdAudService - ok
14:45:06.0018 4072 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:45:06.0018 4072 Com4QLBEx - ok
14:45:06.0081 4072 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:45:06.0081 4072 Compbatt - ok
14:45:06.0081 4072 COMSysApp - ok
14:45:06.0127 4072 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:45:06.0127 4072 crcdisk - ok
14:45:06.0190 4072 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:45:06.0190 4072 Crusoe - ok
14:45:06.0268 4072 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
14:45:06.0268 4072 CryptSvc - ok
14:45:06.0299 4072 d3984178 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2017564883:744996487.exe
14:45:06.0299 4072 Suspicious file (Hidden): C:\Windows\2017564883:744996487.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
14:45:06.0299 4072 d3984178 ( Rootkit.Win32.PMax.gen ) - infected
14:45:06.0315 4072 d3984178 - detected Rootkit.Win32.PMax.gen (0)
14:45:06.0424 4072 DcomLaunch (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
14:45:06.0439 4072 DcomLaunch - ok
14:45:06.0471 4072 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
14:45:06.0471 4072 DfsC - ok
14:45:06.0876 4072 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
14:45:06.0954 4072 DFSR - ok
14:45:07.0173 4072 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
14:45:07.0188 4072 Dhcp - ok
14:45:07.0251 4072 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:45:07.0266 4072 disk - ok
14:45:07.0282 4072 Dnscache (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
14:45:07.0297 4072 Dnscache - ok
14:45:07.0344 4072 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
14:45:07.0360 4072 dot3svc - ok
14:45:07.0407 4072 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:45:07.0422 4072 DPS - ok
14:45:07.0438 4072 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:45:07.0438 4072 drmkaud - ok
14:45:07.0578 4072 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
14:45:07.0609 4072 DXGKrnl - ok
14:45:07.0656 4072 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:45:07.0656 4072 E1G60 - ok
14:45:07.0734 4072 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:45:07.0734 4072 EapHost - ok
14:45:07.0781 4072 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:45:07.0797 4072 Ecache - ok
14:45:07.0906 4072 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:45:07.0921 4072 ehRecvr - ok
14:45:07.0984 4072 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:45:07.0984 4072 ehSched - ok
14:45:08.0031 4072 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:45:08.0031 4072 ehstart - ok
14:45:08.0124 4072 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:45:08.0140 4072 elxstor - ok
14:45:08.0280 4072 EMDMgmt (ba4e96d951ddad6ac3af3c91d4ac68bf) C:\Windows\system32\emdmgmt.dll
14:45:08.0296 4072 EMDMgmt - ok
14:45:08.0327 4072 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:45:08.0327 4072 ErrDev - ok
14:45:08.0421 4072 EventSystem (f4bf4fa769db51b106d2b4b35256988b) C:\Windows\system32\es.dll
14:45:08.0436 4072 EventSystem - ok
14:45:08.0452 4072 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:45:08.0467 4072 exfat - ok
14:45:08.0545 4072 Exportit (b89cfbe8cb247b57d8c10adaa66b462b) C:\Windows\system32\CBN.dll
14:45:08.0561 4072 Exportit ( Backdoor.Multi.ZAccess.gen ) - infected
14:45:08.0561 4072 Exportit - detected Backdoor.Multi.ZAccess.gen (0)
14:45:08.0592 4072 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:45:08.0608 4072 fastfat - ok
14:45:08.0639 4072 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:45:08.0639 4072 fdc - ok
14:45:08.0686 4072 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:45:08.0686 4072 fdPHost - ok
14:45:08.0717 4072 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:45:08.0717 4072 FDResPub - ok
14:45:08.0764 4072 fileHiders (553f631715b403b9e6a2a3eafed6373f) C:\Windows\system32\DRIVERS\fileHiders.sys
14:45:08.0764 4072 fileHiders - ok
14:45:08.0826 4072 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:45:08.0826 4072 FileInfo - ok
14:45:08.0998 4072 FileMonitor (658fa0e08a00457b528491ed4e2ea462) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
14:45:08.0998 4072 FileMonitor - ok
14:45:09.0045 4072 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:45:09.0045 4072 Filetrace - ok
14:45:09.0060 4072 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:45:09.0060 4072 flpydisk - ok
14:45:09.0123 4072 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:45:09.0123 4072 FltMgr - ok
14:45:09.0216 4072 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:45:09.0232 4072 FontCache3.0.0.0 - ok
14:45:09.0279 4072 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:45:09.0279 4072 Fs_Rec - ok
14:45:09.0341 4072 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:45:09.0341 4072 gagp30kx - ok
14:45:09.0481 4072 GameConsoleService (6139ae70e943b2a57ad04b70a316c0a0) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
14:45:09.0481 4072 GameConsoleService - ok
14:45:09.0559 4072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:45:09.0559 4072 GEARAspiWDM - ok
14:45:09.0653 4072 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
14:45:09.0669 4072 gpsvc - ok
14:45:09.0747 4072 gupdate (b488a83b6c00e38aaf5fb4ce1a26ca07) C:\Program Files\Google\Update\GoogleUpdate.exe
14:45:09.0762 4072 gupdate - ok
14:45:09.0762 4072 gupdatem (b488a83b6c00e38aaf5fb4ce1a26ca07) C:\Program Files\Google\Update\GoogleUpdate.exe
14:45:09.0778 4072 gupdatem - ok
14:45:09.0840 4072 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:45:09.0840 4072 HdAudAddService - ok
14:45:09.0887 4072 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:45:09.0887 4072 HDAudBus - ok
14:45:09.0903 4072 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:45:09.0903 4072 HidBth - ok
14:45:09.0918 4072 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:45:09.0934 4072 HidIr - ok
14:45:09.0996 4072 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
14:45:09.0996 4072 hidserv - ok
14:45:10.0043 4072 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
14:45:10.0043 4072 HidUsb - ok
14:45:10.0090 4072 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:45:10.0090 4072 hkmsvc - ok
14:45:10.0199 4072 HP Health Check Service (f696ff21794a552842cbb0a1a4dfd907) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
14:45:10.0199 4072 HP Health Check Service - ok
14:45:10.0261 4072 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:45:10.0261 4072 HpCISSs - ok
14:45:10.0308 4072 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:45:10.0308 4072 HpqKbFiltr - ok
14:45:10.0371 4072 hpqwmiex (77e68d172e42b5ca989e25081acedbf1) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
14:45:10.0386 4072 hpqwmiex - ok
14:45:10.0449 4072 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:45:10.0464 4072 HSFHWAZL - ok
14:45:10.0620 4072 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:45:10.0667 4072 HSF_DPV - ok
14:45:10.0714 4072 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:45:10.0729 4072 HSXHWAZL - ok
14:45:10.0839 4072 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
14:45:10.0854 4072 HTTP - ok
14:45:10.0870 4072 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:45:10.0885 4072 i2omp - ok
14:45:10.0917 4072 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:45:10.0917 4072 i8042prt - ok
14:45:10.0995 4072 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:45:10.0995 4072 iaStorV - ok
14:45:11.0104 4072 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:45:11.0104 4072 IDriverT - ok
14:45:11.0369 4072 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:45:11.0400 4072 idsvc - ok
14:45:11.0728 4072 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys
14:45:11.0743 4072 IDSVix86 - ok
14:45:11.0868 4072 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:45:11.0868 4072 iirsp - ok
14:45:11.0977 4072 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
14:45:12.0009 4072 IKEEXT - ok
14:45:12.0289 4072 IMFservice (eae3a1bc61c34901bd1d9750c7587774) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
14:45:12.0305 4072 IMFservice - ok
14:45:12.0414 4072 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:45:12.0414 4072 intelide - ok
14:45:12.0461 4072 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:45:12.0461 4072 intelppm - ok
14:45:12.0523 4072 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:45:12.0523 4072 IPBusEnum - ok
14:45:12.0539 4072 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:45:12.0555 4072 IpFilterDriver - ok
14:45:12.0601 4072 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
14:45:12.0601 4072 iphlpsvc - ok
14:45:12.0633 4072 IpInIp - ok
14:45:12.0648 4072 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:45:12.0648 4072 IPMIDRV - ok
14:45:12.0695 4072 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:45:12.0695 4072 IPNAT - ok
14:45:12.0867 4072 iPod Service (e5efe3910b0edc7639b6890754a7130d) C:\Program Files\iPod\bin\iPodService.exe
14:45:12.0882 4072 iPod Service - ok
14:45:12.0898 4072 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:45:12.0898 4072 IRENUM - ok
14:45:12.0945 4072 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:45:12.0945 4072 isapnp - ok
14:45:12.0991 4072 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:45:13.0007 4072 iScsiPrt - ok
14:45:13.0023 4072 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:45:13.0038 4072 iteatapi - ok
14:45:13.0069 4072 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:45:13.0069 4072 iteraid - ok
14:45:13.0116 4072 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:45:13.0116 4072 kbdclass - ok
14:45:13.0147 4072 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:45:13.0147 4072 kbdhid - ok
14:45:13.0194 4072 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
14:45:13.0194 4072 KeyIso - ok
14:45:13.0288 4072 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
14:45:13.0303 4072 KSecDD - ok
14:45:13.0381 4072 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:45:13.0397 4072 KtmRm - ok
14:45:13.0475 4072 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\system32\srvsvc.dll
14:45:13.0491 4072 LanmanServer - ok
14:45:13.0553 4072 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
14:45:13.0569 4072 LanmanWorkstation - ok
14:45:13.0725 4072 LightScribeService (9e19a02418c01061f8fe63aea73d27c0) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:45:13.0725 4072 LightScribeService - ok
14:45:13.0771 4072 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
14:45:13.0771 4072 lirsgt - ok
14:45:13.0834 4072 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:45:13.0834 4072 lltdio - ok
14:45:13.0896 4072 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:45:13.0912 4072 lltdsvc - ok
14:45:13.0943 4072 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:45:13.0959 4072 lmhosts - ok
14:45:14.0005 4072 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:45:14.0021 4072 LSI_FC - ok
14:45:14.0037 4072 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:45:14.0052 4072 LSI_SAS - ok
14:45:14.0083 4072 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:45:14.0083 4072 LSI_SCSI - ok
14:45:14.0130 4072 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:45:14.0146 4072 luafv - ok
14:45:14.0208 4072 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:45:14.0208 4072 MBAMProtector - ok
14:45:14.0380 4072 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\RelevantKnowledge\mbamservice.exe
14:45:14.0380 4072 Suspicious file (NoAccess): C:\Program Files\RelevantKnowledge\mbamservice.exe. md5: ba400ed640bca1eae5c727ae17c10207
14:45:14.0395 4072 MBAMService ( LockedFile.Multi.Generic ) - warning
14:45:14.0395 4072 MBAMService - detected LockedFile.Multi.Generic (1)
14:45:14.0458 4072 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
14:45:14.0458 4072 MBAMSwissArmy - ok
14:45:14.0505 4072 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:45:14.0505 4072 Mcx2Svc - ok
14:45:14.0551 4072 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:45:14.0551 4072 mdmxsdk - ok
14:45:14.0614 4072 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:45:14.0614 4072 megasas - ok
14:45:14.0707 4072 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:45:14.0723 4072 MegaSR - ok
14:45:14.0754 4072 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:45:14.0754 4072 MMCSS - ok
14:45:14.0801 4072 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:45:14.0801 4072 Modem - ok
14:45:14.0832 4072 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:45:14.0832 4072 monitor - ok
14:45:14.0863 4072 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:45:14.0863 4072 mouclass - ok
14:45:14.0895 4072 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:45:14.0895 4072 mouhid - ok
14:45:14.0926 4072 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:45:14.0941 4072 MountMgr - ok
14:45:15.0004 4072 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:45:15.0004 4072 mpio - ok
14:45:15.0035 4072 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:45:15.0051 4072 mpsdrv - ok
14:45:15.0129 4072 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
14:45:15.0144 4072 MpsSvc - ok
14:45:15.0175 4072 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:45:15.0175 4072 Mraid35x - ok
14:45:15.0222 4072 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:45:15.0238 4072 MRxDAV - ok
14:45:15.0285 4072 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:45:15.0285 4072 mrxsmb - ok
14:45:15.0331 4072 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:45:15.0347 4072 mrxsmb10 - ok
14:45:15.0394 4072 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:45:15.0409 4072 mrxsmb20 - ok
14:45:15.0441 4072 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:45:15.0441 4072 msahci - ok
14:45:15.0487 4072 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:45:15.0503 4072 msdsm - ok
14:45:15.0550 4072 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:45:15.0565 4072 MSDTC - ok
14:45:15.0628 4072 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:45:15.0628 4072 Msfs - ok
14:45:15.0659 4072 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:45:15.0659 4072 msisadrv - ok
14:45:15.0721 4072 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:45:15.0721 4072 MSiSCSI - ok
14:45:15.0737 4072 msiserver - ok
14:45:15.0784 4072 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:45:15.0784 4072 MSKSSRV - ok
14:45:15.0799 4072 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:45:15.0799 4072 MSPCLOCK - ok
14:45:15.0815 4072 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:45:15.0815 4072 MSPQM - ok
14:45:15.0877 4072 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:45:15.0877 4072 MsRPC - ok
14:45:15.0924 4072 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:45:15.0924 4072 mssmbios - ok
14:45:15.0955 4072 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:45:15.0955 4072 MSTEE - ok
14:45:16.0002 4072 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:45:16.0002 4072 Mup - ok
14:45:16.0080 4072 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
14:45:16.0111 4072 napagent - ok
14:45:16.0158 4072 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
14:45:16.0174 4072 NativeWifiP - ok
14:45:16.0470 4072 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS
14:45:16.0470 4072 NAVENG - ok
14:45:16.0891 4072 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS
14:45:16.0985 4072 NAVEX15 - ok
14:45:17.0297 4072 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:45:17.0313 4072 NDIS - ok
14:45:17.0344 4072 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:45:17.0344 4072 NdisTapi - ok
14:45:17.0375 4072 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:45:17.0391 4072 Ndisuio - ok
14:45:17.0437 4072 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:45:17.0453 4072 NdisWan - ok
14:45:17.0500 4072 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:45:17.0500 4072 NDProxy - ok
14:45:17.0547 4072 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:45:17.0547 4072 NetBIOS - ok
14:45:17.0640 4072 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:45:17.0656 4072 netbt - ok
14:45:17.0703 4072 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
14:45:17.0703 4072 Netlogon - ok
14:45:17.0796 4072 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:45:17.0812 4072 Netman - ok
14:45:17.0983 4072 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:45:17.0983 4072 NetMsmqActivator - ok
14:45:18.0015 4072 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:45:18.0015 4072 NetPipeActivator - ok
14:45:18.0077 4072 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:45:18.0108 4072 netprofm - ok
14:45:18.0124 4072 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:45:18.0124 4072 NetTcpActivator - ok
14:45:18.0139 4072 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:45:18.0139 4072 NetTcpPortSharing - ok
14:45:18.0202 4072 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:45:18.0202 4072 nfrd960 - ok
14:45:18.0451 4072 NIS (7c7c59be1a8fc688c7d4cf7349d08861) C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
14:45:18.0451 4072 Suspicious file (NoAccess): C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe. md5: 7c7c59be1a8fc688c7d4cf7349d08861
14:45:18.0467 4072 NIS ( LockedFile.Multi.Generic ) - warning
14:45:18.0467 4072 NIS - detected LockedFile.Multi.Generic (1)
14:45:18.0545 4072 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:45:18.0561 4072 NlaSvc - ok
14:45:18.0592 4072 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:45:18.0607 4072 Npfs - ok
14:45:18.0639 4072 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:45:18.0639 4072 nsi - ok
14:45:18.0670 4072 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:45:18.0685 4072 nsiproxy - ok
14:45:18.0904 4072 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:45:18.0951 4072 Ntfs - ok
14:45:18.0982 4072 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:45:18.0982 4072 ntrigdigi - ok
14:45:19.0013 4072 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:45:19.0013 4072 Null - ok
14:45:19.0200 4072 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:45:19.0247 4072 NVENETFD - ok
14:45:19.0309 4072 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
14:45:19.0309 4072 NVHDA - ok
14:45:21.0150 4072 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:45:21.0603 4072 nvlddmkm - ok
14:45:21.0790 4072 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:45:21.0790 4072 nvraid - ok
14:45:21.0852 4072 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
14:45:21.0852 4072 nvsmu - ok
Part 2 of Log from TDSSKiller:

14:45:21.0899 4072 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:45:21.0899 4072 nvstor - ok
14:45:21.0977 4072 nvsvc (95df2f6bca8f253517f30cd8d33b5d07) C:\Windows\system32\nvvsvc.exe
14:45:22.0008 4072 nvsvc - ok
14:45:22.0039 4072 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:45:22.0055 4072 nv_agp - ok
14:45:22.0117 4072 NWADI (fc2a8aaa0f3321f41231ede0af1968ae) C:\Windows\system32\DRIVERS\NWADIenum.sys
14:45:22.0117 4072 NWADI - ok
14:45:22.0133 4072 NwlnkFlt - ok
14:45:22.0149 4072 NwlnkFwd - ok
14:45:22.0211 4072 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
14:45:22.0227 4072 NWUSBCDFIL - ok
14:45:22.0258 4072 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys
14:45:22.0273 4072 NWUSBModem - ok
14:45:22.0289 4072 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys
14:45:22.0305 4072 NWUSBPort - ok
14:45:22.0320 4072 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys
14:45:22.0320 4072 NWUSBPort2 - ok
14:45:22.0461 4072 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:45:22.0476 4072 odserv - ok
14:45:22.0539 4072 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:45:22.0539 4072 ohci1394 - ok
14:45:22.0585 4072 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:45:22.0585 4072 ose - ok
14:45:22.0679 4072 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:45:22.0710 4072 p2pimsvc - ok
14:45:22.0741 4072 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:45:22.0757 4072 p2psvc - ok
14:45:22.0788 4072 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:45:22.0804 4072 Parport - ok
14:45:22.0835 4072 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:45:22.0835 4072 partmgr - ok
14:45:36.0781 4072 WebrootSpySweeperService (c821918a1a6ece8255b9efd437d38b4e) C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
14:45:36.0781 4072 Suspicious file (NoAccess): C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe. md5: c821918a1a6ece8255b9efd437d38b4e
14:45:36.0828 4072 WebrootSpySweeperService ( LockedFile.Multi.Generic ) - warning
14:45:36.0828 4072 WebrootSpySweeperService - detected LockedFile.Multi.Generic (1)
14:45:40.0759 4072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:45:41.0056 4072 \Device\Harddisk0\DR0 - ok
14:45:41.0071 4072 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:45:41.0087 4072 \Device\Harddisk1\DR1 - ok
14:45:41.0103 4072 Boot (0x1200) (7b9dc6b17defcc2bf85c9035671597bb) \Device\Harddisk0\DR0\Partition0
14:45:41.0118 4072 \Device\Harddisk0\DR0\Partition0 - ok
14:45:41.0134 4072 Boot (0x1200) (e2bdf2114a9bddb2c4fd0f8404926e71) \Device\Harddisk0\DR0\Partition1
14:45:41.0134 4072 \Device\Harddisk0\DR0\Partition1 - ok
14:45:41.0149 4072 Boot (0x1200) (6909c472b4de3157a3088bf9e2c15a74) \Device\Harddisk1\DR1\Partition0
14:45:41.0149 4072 \Device\Harddisk1\DR1\Partition0 - ok
14:45:41.0165 4072 ============================================================
14:45:41.0165 4072 Scan finished
14:45:41.0165 4072 ============================================================
14:45:41.0196 1616 Detected object count: 6
14:45:41.0196 1616 Actual detected object count: 6
14:46:07.0295 1616 C:\Windows\system32\DRIVERS\cdrom.sys - copied to quarantine
14:46:07.0342 1616 C:\Windows\$NtUninstallKB27935$\3549970808\@ - copied to quarantine
14:46:07.0373 1616 C:\Windows\$NtUninstallKB27935$\3549970808\L\qnbwvoto - copied to quarantine
14:46:07.0389 1616 C:\Windows\$NtUninstallKB27935$\3549970808\loader.tlb - copied to quarantine
14:46:07.0404 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@00000001 - copied to quarantine
14:46:07.0435 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000c0 - copied to quarantine
14:46:07.0451 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cb - copied to quarantine
14:46:07.0467 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cf - copied to quarantine
14:46:07.0498 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@80000000 - copied to quarantine
14:46:07.0529 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000c0 - copied to quarantine
14:46:07.0560 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cb - copied to quarantine
14:46:07.0591 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cf - copied to quarantine
14:46:07.0607 1616 C:\Windows\assembly\GAC_MSIL\desktop.ini - copied to quarantine
14:46:07.0607 1616 C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
14:46:07.0623 1616 C:\Users\New 2\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
14:46:07.0638 1616 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
14:46:08.0262 1616 Backup copy found, using it..
14:46:08.0574 1616 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
14:46:08.0855 1616 C:\WINDOWS\System32\c_10410.nls - will be deleted on reboot
14:46:11.0398 1616 C:\Windows\$NtUninstallKB27935$\3549970808\@ - will be deleted on reboot
14:46:11.0413 1616 C:\Windows\$NtUninstallKB27935$\3549970808\loader.tlb - will be deleted on reboot
14:46:11.0413 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@00000001 - will be deleted on reboot
14:46:11.0413 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000c0 - will be deleted on reboot
14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cb - will be deleted on reboot
14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@000000cf - will be deleted on reboot
14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@80000000 - will be deleted on reboot
14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000c0 - will be deleted on reboot
14:46:11.0429 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cb - will be deleted on reboot
14:46:11.0445 1616 C:\Windows\$NtUninstallKB27935$\3549970808\U\@800000cf - will be deleted on reboot
14:46:11.0445 1616 C:\Windows\$NtUninstallKB27935$\3734911066 - will be deleted on reboot
14:46:11.0445 1616 C:\Windows\assembly\GAC_MSIL\desktop.ini - will be deleted on reboot
14:46:11.0445 1616 C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
14:46:11.0445 1616 C:\Users\New 2\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
14:46:11.0445 1616 cdrom ( Virus.Win32.ZAccess.g ) - User select action: Cure
14:46:11.0507 1616 C:\Windows\2017564883:744996487.exe - copied to quarantine
14:46:11.0507 1616 HKLM\SYSTEM\ControlSet001\services\d3984178 - will be deleted on reboot
14:46:11.0538 1616 HKLM\SYSTEM\ControlSet010\services\d3984178 - will be deleted on reboot
14:46:11.0569 1616 C:\Windows\2017564883:744996487.exe - will be deleted on reboot
14:46:11.0569 1616 d3984178 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
14:46:11.0647 1616 C:\Windows\system32\CBN.dll - copied to quarantine
14:46:11.0647 1616 HKLM\SYSTEM\ControlSet001\services\Exportit - will be deleted on reboot
14:46:11.0647 1616 HKLM\SYSTEM\ControlSet010\services\Exportit - will be deleted on reboot
14:46:11.0663 1616 C:\Windows\system32\CBN.dll - will be deleted on reboot
14:46:11.0663 1616 Exportit ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
14:46:11.0679 1616 MBAMService ( LockedFile.Multi.Generic ) - skipped by user
14:46:11.0679 1616 MBAMService ( LockedFile.Multi.Generic ) - User select action: Skip
14:46:11.0679 1616 NIS ( LockedFile.Multi.Generic ) - skipped by user
14:46:11.0679 1616 NIS ( LockedFile.Multi.Generic ) - User select action: Skip
14:46:11.0694 1616 WebrootSpySweeperService ( LockedFile.Multi.Generic ) - skipped by user
14:46:11.0694 1616 WebrootSpySweeperService ( LockedFile.Multi.Generic ) - User select action: Skip
14:46:23.0238 2804 Deinitialize success
 
DDS worked with no problems. The logs for that are above. TDSSKiller worked fine and found around 8 threats. 3 were just locked files of programs I have and were skipped, and the rest were deleted or quarantined. The log is above in two parts. I scanned again and the only things that were found were the locked files that were skipped. What should I do next?
 
One more thing: I ran TDSSKiller after I ran DDS, so would you like me to run DDS again to see if TDSSKiller made a difference?
 
No.

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Boot Cleaner Log:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...
 
aswMBR Log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-25 16:58:41
-----------------------------
16:58:41.586 OS Version: Windows 6.0.6001 Service Pack 1
16:58:41.586 Number of processors: 2 586 0x301
16:58:41.586 ComputerName: LUKEMONEY-PC UserName: New 2
16:58:58.497 Initialize success
17:00:16.814 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
17:00:16.830 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
17:00:16.861 Disk 0 MBR read successfully
17:00:16.861 Disk 0 MBR scan
17:00:16.877 Disk 0 Windows 7 default MBR code
17:00:16.892 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 228380 MB offset 63
17:00:16.924 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10091 MB offset 467724288
17:00:16.939 Disk 0 scanning sectors +488390656
17:00:17.126 Disk 0 scanning C:\Windows\system32\drivers
17:00:29.045 Service scanning
17:00:58.108 Modules scanning
17:01:38.231 Disk 0 trace - called modules:
17:01:38.262 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:01:38.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c91ac8]
17:01:38.808 3 CLASSPNP.SYS[82b67745] -> nt!IofCallDriver -> [0x859e3918]
17:01:38.839 5 acpi.sys[82a0b6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x86353a40]
17:01:38.870 Scan finished successfully
17:01:50.945 Disk 0 MBR has been saved successfully to "C:\Users\New 2\Desktop\MBR.dat"
17:01:51.007 The log file has been saved successfully to "C:\Users\New 2\Desktop\aswMBR.txt"


What next?
 
MalwareBytes now works. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.04.08
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19048
New 2 :: LUKEMONEY-PC [administrator]
Protection: Disabled
5/25/2012 5:43:29 PM
mbam-log-2012-05-25 (17-43-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 248804
Time elapsed: 42 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\MBAMService (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (Spyware.MarketScore) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Malwarebytes' Anti-Malware (Spyware.MarketScore) -> Data: "C:\Program Files\RelevantKnowledge\mbamgui.exe" /starttray -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\Chameleon (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
Files Detected: 83
C:\WINDOWS\System32\elbycdfl.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\oracleorahome92pagingserver.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\CoolerXPDriver.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\harmony.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\mpfservice.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\MRESP50a64.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\napagent.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\NeroMediaHomeService.4.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\nfsds.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\Rawwan.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\rdnaoflsvc.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\roxwatch.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\tcpip6.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\amoagent.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\efs.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HH3Z65KL\MPLSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\ (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\changes.rtf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\license.txt (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbam.chm (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbam.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbam.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbamcore.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbamgui.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbamnet.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\mbamservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\RelevantKnowledge.arc (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\unins000.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\unins000.msg (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\chameleon.chm (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\firefox.com (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\firefox.pif (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\firefox.scr (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\iexplore.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.com (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.pif (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\mbam-chameleon.scr (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\mbam-killer.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\rundll32.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\svchost.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Chameleon\winlogon.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\greek.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\arabic.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\bosnian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\bulgarian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\catalan.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\chineseSI.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\chineseTR.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\croatian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\czech.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\danish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\dutch.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\english.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\estonian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\finnish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\french.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\german.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\hebrew.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\hungarian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\italian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\latvian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\lithuanian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\macedonian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\norwegian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\polish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\portugueseBR.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\portuguesePT.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\romanian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\russian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\serbian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\slovak.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\slovenian.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\spanish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\swedish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\thai.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\turkish.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\Languages\vietnamese.lng (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
(end)

Is my system clean? What should I do next?
 
Not quite yet, but we're getting there.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix ran fine; I did not have to use Rkill. Here is the log:

ComboFix 12-05-25.03 - New 2 05/25/2012 20:39:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1969 [GMT -7:00]
Running from: c:\users\New 2\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\windows\$NtUninstallKB27935$\3549970808\L\qnbwvoto
c:\windows\2017564883
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\
c:\windows\system32\cwafadmincontroller.dll
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\shsvcs.dll.vgorg
c:\windows\system32\themeui.dll.vgorg
c:\windows\system32\uxtheme.dll.vgorg
c:\windows\system32\drivers\ . . . . Failed to delete
.
Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\program files\Google\Update\
.
Infected copy of c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe was found and disinfected
Restored copy from - c:\program files\Hewlett-Packard\HP Health Check\
.
Infected copy of c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe was found and disinfected
Restored copy from - c:\program files\Hewlett-Packard\Shared\
.
c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe . . . is infected!!
c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected
Restored copy from - c:\program files\Common Files\LightScribe\
.
c:\windows\system32\nvvsvc.exe . . . is infected!!
c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\SMINST\BLService.exe . . . is infected!!
c:\windows\SMINST\BLService.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe was found and disinfected
Restored copy from - c:\program files\NVIDIA Corporation\3D Vision\
.
c:\program files\Viewpoint\Common\ViewpointService.exe . . . is infected!!
c:\program files\Viewpoint\Common\ViewpointService.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\hpqherzm.inf_8705e467\XAudio.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
-------\Service_PCKeeperService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 04:18 . 2012-05-26 04:50 -------- d-----w- c:\users\New 2\AppData\Local\temp
2012-05-26 04:18 . 2012-05-26 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 04:18 . 2012-05-26 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 00:42 . 2012-05-26 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-25 21:46 . 2012-05-25 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 20:32 . 2012-05-25 20:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-25 06:29 . 2012-05-25 06:30 -------- d-----w- c:\program files\ForGayViruses
2012-05-25 05:57 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\users\New 2\AppData\Roaming\Malwarebytes
2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 23:43 . 2012-05-05 23:43 -------- d-----w- c:\program files\Sierra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 21:47 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-05 12:37 . 2012-04-05 12:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-08 17:55 . 2011-08-08 17:54 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
2009-03-16 21:36 . 2009-03-16 21:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 21:35 . 2009-03-16 21:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 21:35 . 2009-03-16 21:35 94024 ----a-w- c:\program files\DSETUP.dll
2012-02-21 16:09 . 2011-04-02 14:48 0 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-07-11 18:13 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cracked Steam Service"="c:\program files\steam\Cracked Steam.exe" [2011-04-26 337496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GameBooster.exe"="c:\program files\IObit\Game Booster\GameBooster.exe" [2011-10-28 2185560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Exportit
vnxservice
EACSvrMngr
ifxtcs
Si3132
MTDVC2
AppnApi
dtsrvc
bocdrive
rootmodem
sentinel
roxliveshare9
mcshield
pensup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKU-Default-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
HKU-Default-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
HKU-Default-Run-HKCU - c:\windows\System32\install\winchk.exe
HKU-Default-Run-AOL Fast Start - c:\program files\AOL 9.0a\AOL.EXE
HKU-Default-Explorer_Run-Policies - c:\windows\System32\install\winchk.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
SafeBoot-15610563.sys
MSConfigStartUp-Cracked Steam - (no file)
MSConfigStartUp-ehTray - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 21:50
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,db,4a,fd,b4,f6,da,34,10,31,95,4c,79,69,73,6a,a6,a3,fe,e2,61,b4,86,
2e,10,90,8d,4e,7a,4a,89,d6,49,e8,5d,52,09,7d,f0,f4,b3,01,b5,25,f2,dc,c9,10,\
"??"=hex:dd,a1,0c,94,ce,1e,e7,50,fe,a5,4a,82,98,89,ca,bb
.
[HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\License information*]
"datasecu"=hex:51,f5,eb,1b,e0,d2,cd,39,6d,57,da,42,6c,3f,5e,60,37,2e,e5,fd,34,
0f,e4,6a,67,11,d1,1a,98,49,12,06,c3,d3,3d,06,74,be,fd,a7,55,f8,54,81,b3,e7,\
"rkeysecu"=hex:b4,47,27,73,ba,8f,7d,1f,e8,ad,6d,b4,3d,b4,8b,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-25 22:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 05:01
.
Pre-Run: 41,791,078,400 bytes free
Post-Run: 41,408,897,024 bytes free
.
- - End Of File - - 67D2CA3BA79C56D45D3B5A7E1F1641F8

What's next, Broni?
 
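The Malwarebytes report and the first ComboFix report above are what the helper reads before answering "not quite yet" rather than "clean": detections that only complete on reboot, Rootkit.0Access hits under System32, and service executables that ComboFix had to repair or delete. As an added example that is not part of this thread or of either tool, the Python script below parses those two text formats and pulls out exactly those follow-up items. The regular expressions are written against the line shapes visible in the posted logs, the "needs follow-up" rule is my own heuristic, and the two sample logs embedded in the script are constructed from lines modelled on the posted ones, not a real capture.

```python
"""Triage helper for Malwarebytes and ComboFix text logs.

Added example, not a tool from the thread or from either vendor. It parses the
two log formats quoted in the thread and summarises what still needs another
pass: detections pending a reboot, rootkit-family hits inside the system
directory, and service executables ComboFix repaired or deleted in place.
"""
import re
from collections import Counter

# Malwarebytes detection line: "<object> (<Family>) -> <action>."  Registry
# values carry an extra 'Data: ... -> ' segment, so the action is taken from
# the last " -> " segment rather than the whole tail of the line.
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
# ComboFix lines for executables it repaired from a clean copy or deleted outright.
CF_REPAIRED = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
CF_DELETED = re.compile(r"^(?P<path>.+?) \. \. \. was deleted!!")

# System directories where a rootkit-family hit is worth a dedicated rescan.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def parse_mbam(text):
    """Return one dict per Malwarebytes detection line; header/summary lines are skipped."""
    hits = []
    for raw in text.splitlines():
        m = MBAM_LINE.match(raw.strip())
        if not m:
            continue
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        hits.append({"path": m.group("path"), "family": m.group("family"), "action": action})
    return hits


def parse_combofix(text):
    """Return (repaired, deleted) executable paths from a ComboFix 'Other Deletions' block."""
    repaired, deleted = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_REPAIRED.match(line)
        if m:
            repaired.append(m.group("path"))
            continue
        m = CF_DELETED.match(line)
        if m:
            deleted.append(m.group("path"))
    return repaired, deleted


def triage(mbam_text, combofix_text):
    """Summarise both logs and decide whether another scan pass is warranted (heuristic)."""
    hits = parse_mbam(mbam_text)
    repaired, deleted = parse_combofix(combofix_text)
    pending_reboot = [h["path"] for h in hits if "reboot" in h["action"].lower()]
    system_rootkit = [h["path"] for h in hits
                      if h["family"].lower().startswith("rootkit.")
                      and h["path"].lower().startswith(SYSTEM_DIRS)]
    return {
        "families": Counter(h["family"] for h in hits),
        "pending_reboot": pending_reboot,
        "system_rootkit_hits": system_rootkit,
        "patched_service_binaries": repaired,
        "deleted_needs_reinstall": deleted,
        # Any of these means "reboot and rescan", not "clean".
        "needs_followup": bool(pending_reboot or system_rootkit or repaired or deleted),
    }


# Constructed sample input, modelled on the posted log lines (not a real capture).
SAMPLE_MBAM = r"""
Files Detected: 4
C:\WINDOWS\System32\elbycdfl.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\tcpip6.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example (Spyware.MarketScore) -> Data: "C:\Program Files\RelevantKnowledge\mbamgui.exe" /starttray -> Quarantined and deleted successfully.
(end)
"""

SAMPLE_COMBOFIX = r"""
Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
c:\windows\system32\nvvsvc.exe . . . is infected!!
c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\drivers\ . . . . Failed to delete
"""

if __name__ == "__main__":
    report = triage(SAMPLE_MBAM, SAMPLE_COMBOFIX)
    for key, value in report.items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Run it against a real pair of logs by reading the two files into `triage()`; a non-empty `patched_service_binaries` list is the strongest signal here, because a service executable that had to be restored from a sibling copy means the infection was running with SYSTEM privileges before the scan, and the program it belongs to should be reinstalled or verified rather than trusted as repaired.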
Uninstall Advanced SystemCare 5.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==================================================================================

Is your Norton in working condition or do I see some leftovers?

Please re-run Combofix one more time.
 
Yup, I have not used Advanced SystemCare 5 in a while, and I pledged not to use it after you said the same thing to someone on another thread. Also, I need the internet to activate Norton. The internet could not be used on my laptop when I tried to install a spare copy of Norton that my friend had so I could get rid of the viruses. OK, I'll run ComboFix again. Hopefully it will go quicker this time. The last time took 4 hours.
 
Here is the log:

ComboFix 12-05-25.03 - New 2 05/25/2012 23:13:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.2255 [GMT -7:00]
Running from: c:\users\New 2\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 06:35 . 2012-05-26 06:40 -------- d-----w- c:\users\New 2\AppData\Local\temp
2012-05-26 06:35 . 2012-05-26 06:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 06:35 . 2012-05-26 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 00:42 . 2012-05-26 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-25 21:46 . 2012-05-25 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 20:32 . 2012-05-25 20:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-25 06:29 . 2012-05-25 06:30 -------- d-----w- c:\program files\ForGayViruses
2012-05-25 05:57 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\users\New 2\AppData\Roaming\Malwarebytes
2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 23:43 . 2012-05-05 23:43 -------- d-----w- c:\program files\Sierra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 21:47 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-05 12:37 . 2012-04-05 12:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-08 17:55 . 2011-08-08 17:54 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
2009-03-16 21:36 . 2009-03-16 21:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 21:35 . 2009-03-16 21:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 21:35 . 2009-03-16 21:35 94024 ----a-w- c:\program files\DSETUP.dll
2012-02-21 16:09 . 2011-04-02 14:48 0 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-07-11 18:13 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cracked Steam Service"="c:\program files\steam\Cracked Steam.exe" [2011-04-26 337496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GameBooster.exe"="c:\program files\IObit\Game Booster\GameBooster.exe" [2011-10-28 2185560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Exportit
vnxservice
EACSvrMngr
ifxtcs
Si3132
MTDVC2
AppnApi
dtsrvc
bocdrive
rootmodem
sentinel
roxliveshare9
mcshield
pensup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 23:40
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,db,4a,fd,b4,f6,da,34,10,31,95,4c,79,69,73,6a,a6,a3,fe,e2,61,b4,86,
2e,10,90,8d,4e,7a,4a,89,d6,49,e8,5d,52,09,7d,f0,f4,b3,01,b5,25,f2,dc,c9,10,\
"??"=hex:dd,a1,0c,94,ce,1e,e7,50,fe,a5,4a,82,98,89,ca,bb
.
[HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\License information*]
"datasecu"=hex:51,f5,eb,1b,e0,d2,cd,39,6d,57,da,42,6c,3f,5e,60,37,2e,e5,fd,34,
0f,e4,6a,67,11,d1,1a,98,49,12,06,c3,d3,3d,06,74,be,fd,a7,55,f8,54,81,b3,e7,\
"rkeysecu"=hex:b4,47,27,73,ba,8f,7d,1f,e8,ad,6d,b4,3d,b4,8b,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-25 23:49:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 06:49
ComboFix2.txt 2012-05-26 05:01
.
Pre-Run: 41,519,587,328 bytes free
Post-Run: 41,359,884,288 bytes free
.
- - End Of File - - A89A146C098208CBDF0D68FF819627F2


I want to check my internet, but the only internet I have where I live is dial-up. It's AOL, and my laptop does not have a copy of the AOL program on it. I have to find the install CD to get it to work. Also, ComboFix said that a virus inserted itself in the TCP/IP stack and that it would try to fix it. It said that the second time too. So I don't know if it will work until I can go to my friend's and try on their internet. But the virus was also causing most programs that I installed to give this error when I tried to run them: "Windows cannot access the specified device path, or file. You may not have the appropriate permissions to access this item." All of these programs worked before and never had that error. I checked the permissions then and I had permission to use them. Should I reinstall one of the programs that had that error? Also, ComboFix only took 30 minutes to run this time.
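The dump above records UAC switched off (EnableLUA = 0) and Security Center monitoring disabled, including for the Symantec products, which are the settings a triager reading such a log wants called out first. The Python below is an added example, not part of this thread or of ComboFix itself: it parses the REGEDIT4-style "Reg Loading Points" lines into (key, name, value) triples and flags those settings; the sample input is copied from the log above and the list of weak settings is this example's own.

```python
import re

# Triage list assembled for this example (not ComboFix's own): key suffix and
# value name -> (value a stock Vista install has, reason to flag a deviation).
WEAK_SETTINGS = {
    ("policies\\system", "EnableLUA"): ("1", "UAC is disabled"),
    ("security center\\monitoring", "DisableMonitoring"): ("0", "Security Center monitoring disabled"),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches "Name"= 0 (0x0), "Name"=dword:00000001 and "Name"="string"
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Constructed sample: lines copied from the Reg Loading Points section above.
SAMPLE = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

def parse_reg_points(text):
    """Return (key, name, raw_value) triples from REGEDIT4-style dump text."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # a new [HKEY_...] section starts
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group(1), m.group(2).strip()))
    return entries

def normalise_value(raw):
    """Collapse the dump's number spellings ("0 (0x0)", "dword:00000001") to a decimal string."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return str(int(m.group(1), 16))
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    return m.group(1) if m else raw.strip('"')

def flag_weak_settings(text):
    """Return one finding string per weak setting present in the dump."""
    findings = []
    for key, name, raw in parse_reg_points(text):
        for (suffix, wanted), (expected, reason) in WEAK_SETTINGS.items():
            if suffix in key.lower() and name.lower() == wanted.lower():
                actual = normalise_value(raw)
                if actual != expected:
                    findings.append(f"{reason}: {key}\\{name} = {actual} (expected {expected})")
    return findings
```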
 