Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Google redirects to Happili, Gimmeanswers

Started by DDDuster , Mar 30 2012 08:13 AM

This topic is locked

16 replies to this topic

#1 DDDuster

New Member

Members
9 posts

Posted 30 March 2012 - 08:13 AM

When doing a Google search request I would get redirected to Happili, Gimmeanswers or some other site. I even get a pop-up now and then. This computer is only a month old. I transferred my Norton 360 to this computer via my Norton account a few weeks after I bought it. I was using the free 30 day Norton AV but it never expired prior to me installing the permanent AV Norton 360. Malwarebytes, Super Anti Spyware and my AV couldn't find anything after multiple scans. Your help is appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Chuck at 5:43:42 on 2012-03-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1264 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uStart Page = hxxp://foxnews.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Verizon Media Manager] C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe 0
uRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{3D9BE19A-BB46-4646-A049-E279433F4D44} : DhcpNameServer = 172.24.1.1
TCP: Interfaces\{E91F8505-3DA3-4064-8B9C-3AD518750CD4} : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-26 652360]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe [2012-3-23 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-12-18 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-18 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-18 2656280]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]
R3 ccSet_N360;Norton 360 Settings Manager;C:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-13 138360]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120329.002\IDSviA64.sys [2012-3-30 488568]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]
R3 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-12-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-28 19:36:05 -------- d-----w- C:\Program Files\CCleaner
2012-03-28 18:58:51 -------- d-----w- C:\ProgramData\iolo
2012-03-28 18:58:51 -------- d-----w- C:\Program Files (x86)\iolo
2012-03-28 16:19:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:26:55 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-03-28 12:48:05 75264 ----a-w- C:\windows\SysWow64\unacev2.dll
2012-03-28 12:48:05 153088 ----a-w- C:\windows\SysWow64\UNRAR3.dll
2012-03-27 21:27:40 200976 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2012-03-27 20:27:59 27424 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-03-27 19:13:23 12872 ----a-w- C:\windows\System32\bootdelete.exe
2012-03-27 18:44:05 -------- d-----w- C:\Users\Chuck\AppData\Roaming\QuickScan
2012-03-27 18:00:18 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-27 17:57:43 230952 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-03-27 17:57:43 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-27 17:57:20 -------- d-----w- C:\ProgramData\PC Tools
2012-03-27 17:57:19 -------- d-----w- C:\Users\Chuck\AppData\Roaming\TestApp
2012-03-27 17:12:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-27 16:36:02 -------- d-----w- C:\Program Files\HitmanPro
2012-03-27 13:22:39 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-27 02:32:13 750488 ----a-w- C:\windows\System32\npdeployJava1.dll
2012-03-27 02:32:13 660368 ----a-w- C:\windows\System32\deployJava1.dll
2012-03-26 22:48:59 -------- d-----w- C:\Users\Chuck\AppData\Local\NPE
2012-03-26 21:34:36 -------- d-----w- C:\Users\Chuck\AppData\Roaming\Malwarebytes
2012-03-26 21:34:29 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-26 21:34:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-26 21:34:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 00:44:10 451192 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\symds64.sys
2012-03-24 00:44:10 405624 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\symnets.sys
2012-03-24 00:44:10 37496 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys
2012-03-24 00:44:10 1092728 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\symefa64.sys
2012-03-24 00:44:09 738936 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys
2012-03-24 00:44:09 190072 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\ironx64.sys
2012-03-24 00:44:09 167048 ----a-r- C:\windows\System32\drivers\N360x64\0601020.00A\ccsetx64.sys
2012-03-24 00:43:52 -------- d-----w- C:\windows\System32\drivers\N360x64\0601020.00A
2012-03-24 00:31:10 -------- d-----w- C:\ProgramData\Book Place
2012-03-23 20:11:09 -------- d-----w- C:\Users\Chuck\AppData\Local\Kjs.AppLife.Update
2012-03-23 20:09:18 -------- d-----w- C:\Users\Chuck\AppData\Roaming\Book Place
2012-03-17 01:58:44 -------- d-----w- C:\Users\Chuck\AppData\Local\Research In Motion
2012-03-17 01:57:53 44032 ----a-w- C:\windows\System32\drivers\RimSerial_AMD64.sys
2012-03-16 22:20:49 -------- d-----w- C:\Program Files (x86)\Amazon
2012-03-16 22:17:50 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-16 22:17:38 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-16 22:17:29 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-16 22:17:21 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-14 10:01:06 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-14 10:01:06 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:01:05 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:16:45 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 07:16:44 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 07:16:44 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 07:15:57 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 07:15:57 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 07:15:57 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-14 07:15:56 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 07:15:56 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 07:15:56 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 07:15:56 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-13 16:11:03 -------- d-----w- C:\Users\Chuck\AppData\Roaming\com.desktoplightning.airapp.E46A8636380668D0309964F39136B84A726B34C4.1
2012-03-08 18:21:23 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-08 18:21:23 -------- d-----w- C:\Program Files\Symantec
2012-03-08 18:21:23 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-03-08 18:20:42 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-03-08 18:20:41 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-03-08 18:18:42 -------- d-----w- C:\ProgramData\PCSettings
2012-03-03 05:16:20 -------- d-----w- C:\Users\Chuck\AppData\Local\CrashDumps
.
==================== Find3M ====================
.
2012-03-28 18:56:27 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-02-21 21:16:56 205698 ----a-w- C:\windows\XHeader Uninstaller.exe
2012-02-18 15:16:37 260 ----a-w- C:\windows\SysWow64\cmdVBS.vbs
2012-02-18 15:16:37 256 ----a-w- C:\windows\SysWow64\MSIevent.bat
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
.
============= FINISH: 5:44:15.01 ===============

Attached Files

Attach.txt 12.32K 1 downloads
Ark.txt 258bytes 0 downloads

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 31 March 2012 - 02:17 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 DDDuster

New Member

Members
9 posts

Posted 31 March 2012 - 08:51 AM

Thanks for the help. I didn't have any problems running ComboFix with the exception of having to restart my computer due to the error message you described in Note 2. The problem still remains. Monstermarketplace and Happili are still present.
Here is the ComboFix log;

ComboFix 12-03-31.02 - Chuck 03/31/2012 6:29.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1852 [GMT -7:00]
Running from: c:\users\Chuck\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 13:34 . 2012-03-31 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 13:34 . 2012-03-31 13:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-28 19:36 . 2012-03-28 19:36 -------- d-----w- c:\program files\CCleaner
2012-03-28 18:58 . 2012-03-28 20:24 -------- d-----w- c:\programdata\iolo
2012-03-28 18:56 . 2012-03-28 18:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-28 18:56 . 2012-03-28 18:56 -------- d-----w- c:\program files (x86)\Java
2012-03-28 16:19 . 2012-03-28 16:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:26 . 2012-03-28 17:43 -------- d-----w- c:\program files (x86)\Anvisoft
2012-03-28 12:48 . 2003-02-03 02:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-03-28 12:48 . 2002-03-06 07:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-03-27 21:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-03-27 20:27 . 2012-03-27 20:42 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-03-27 19:13 . 2012-03-27 19:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-27 18:44 . 2012-03-28 14:21 -------- d-----w- c:\users\Chuck\AppData\Roaming\QuickScan
2012-03-27 18:00 . 2012-03-27 18:00 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-27 17:57 . 2012-03-27 19:53 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-27 17:57 . 2012-02-24 17:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-27 17:57 . 2012-03-27 19:50 -------- d-----w- c:\programdata\PC Tools
2012-03-27 17:57 . 2012-03-27 17:57 -------- d-----w- c:\users\Chuck\AppData\Roaming\TestApp
2012-03-27 16:36 . 2012-03-27 19:51 -------- d-----w- c:\program files\HitmanPro
2012-03-27 13:22 . 2012-03-27 19:13 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 02:32 . 2012-03-27 02:32 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-27 02:32 . 2012-03-27 02:32 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 02:32 . 2012-03-27 02:32 -------- d-----w- c:\program files\Java
2012-03-26 22:48 . 2012-03-28 16:07 -------- d-----w- c:\users\Chuck\AppData\Local\NPE
2012-03-26 21:34 . 2012-03-26 21:34 -------- d-----w- c:\users\Chuck\AppData\Roaming\Malwarebytes
2012-03-26 21:34 . 2012-03-26 21:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 21:34 . 2012-03-26 21:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 21:34 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 00:31 . 2012-03-24 00:31 -------- d-----w- c:\programdata\Book Place
2012-03-23 20:24 . 2012-03-23 20:24 -------- d-----w- c:\users\Public\Book Place
2012-03-23 20:11 . 2012-03-24 00:29 -------- d-----w- c:\users\Chuck\AppData\Local\Kjs.AppLife.Update
2012-03-23 20:09 . 2012-03-24 00:30 -------- d-----w- c:\users\Chuck\AppData\Roaming\Book Place
2012-03-17 01:58 . 2012-03-19 15:39 -------- d-----w- c:\users\Chuck\AppData\Local\Research In Motion
2012-03-17 01:57 . 2011-07-20 21:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-03-16 22:23 . 2012-03-16 22:23 -------- d-----w- c:\users\Chuck\AppData\Roaming\Amazon
2012-03-16 22:20 . 2012-03-16 22:20 -------- d-----w- c:\program files (x86)\Amazon
2012-03-16 22:17 . 2012-03-16 22:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-16 22:17 . 2012-03-16 22:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-16 22:17 . 2012-03-16 22:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-16 22:17 . 2012-03-16 22:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-14 10:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:16 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:16 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:16 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:15 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:15 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 16:11 . 2012-03-13 16:11 -------- d-----w- c:\users\Chuck\AppData\Roaming\com.desktoplightning.airapp.E46A8636380668D0309964F39136B84A726B34C4.1
2012-03-08 18:21 . 2012-03-24 00:44 -------- d-----w- c:\program files\Symantec
2012-03-08 18:21 . 2012-03-24 00:44 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-08 18:21 . 2012-03-08 18:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-08 18:20 . 2012-03-26 20:55 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-08 18:20 . 2012-03-08 18:20 -------- d-----w- c:\program files (x86)\Norton 360
2012-03-08 18:18 . 2012-03-08 18:18 -------- d-----w- c:\programdata\PCSettings
2012-03-03 05:16 . 2012-03-27 02:46 -------- d-----w- c:\users\Chuck\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 18:56 . 2011-11-03 12:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-21 21:16 . 2012-02-21 21:16 205698 ----a-w- c:\windows\XHeader Uninstaller.exe
2012-02-18 15:16 . 2012-02-18 15:16 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2012-02-18 15:16 . 2012-02-18 15:16 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2012-02-12 22:38 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 10:44 . 2012-02-14 22:38 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 22:38 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-19 39408]
"Verizon Media Manager"="c:\program files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2012-02-24 1519616]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-19 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-03 1157240]
S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-14 138360]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-08 488568]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 05:34]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 05:34]
.
2012-03-31 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-02-26 18:30]
.
2012-03-28 c:\windows\Tasks\WebReg HP Photosmart Premium C309g-m.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-18 08:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://foxnews.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-24543003.sys
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-31 06:38:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 13:38
.
Pre-Run: 435,606,687,744 bytes free
Post-Run: 435,201,703,936 bytes free
.
- - End Of File - - 145B9188C9984FA9C88407ACDE15EEE3

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 31 March 2012 - 10:04 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 DDDuster

New Member

Members
9 posts

Posted 31 March 2012 - 10:27 AM

Thank you Gringo,

Here are the reports you requested.

08:08:15.0018 3632 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:08:15.0550 3632 ============================================================
08:08:15.0550 3632 Current date / time: 2012/03/31 08:08:15.0550
08:08:15.0550 3632 SystemInfo:
08:08:15.0550 3632
08:08:15.0550 3632 OS Version: 6.1.7601 ServicePack: 1.0
08:08:15.0550 3632 Product type: Workstation
08:08:15.0550 3632 ComputerName: CHUCK-PC
08:08:15.0551 3632 UserName: Chuck
08:08:15.0551 3632 Windows directory: C:\windows
08:08:15.0551 3632 System windows directory: C:\windows
08:08:15.0551 3632 Running under WOW64
08:08:15.0551 3632 Processor architecture: Intel x64
08:08:15.0551 3632 Number of processors: 4
08:08:15.0551 3632 Page size: 0x1000
08:08:15.0551 3632 Boot type: Normal boot
08:08:15.0551 3632 ============================================================
08:08:16.0081 3632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:08:16.0092 3632 \Device\Harddisk0\DR0:
08:08:16.0093 3632 MBR used
08:08:16.0093 3632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38261000
08:08:16.0126 3632 Initialize success
08:08:16.0126 3632 ============================================================
08:12:00.0205 5300 ============================================================
08:12:00.0205 5300 Scan started
08:12:00.0205 5300 Mode: Manual;
08:12:00.0205 5300 ============================================================
08:12:00.0485 5300 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
08:12:00.0485 5300 1394ohci - ok
08:12:00.0673 5300 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
08:12:00.0673 5300 ACPI - ok
08:12:00.0782 5300 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
08:12:00.0782 5300 AcpiPmi - ok
08:12:00.0922 5300 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
08:12:00.0938 5300 adp94xx - ok
08:12:01.0063 5300 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
08:12:01.0063 5300 adpahci - ok
08:12:01.0187 5300 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
08:12:01.0187 5300 adpu320 - ok
08:12:01.0250 5300 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
08:12:01.0250 5300 AeLookupSvc - ok
08:12:01.0390 5300 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
08:12:01.0390 5300 AFD - ok
08:12:01.0499 5300 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
08:12:01.0515 5300 agp440 - ok
08:12:01.0577 5300 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
08:12:01.0577 5300 ALG - ok
08:12:01.0671 5300 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
08:12:01.0671 5300 aliide - ok
08:12:01.0687 5300 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
08:12:01.0687 5300 amdide - ok
08:12:01.0811 5300 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
08:12:01.0811 5300 AmdK8 - ok
08:12:01.0843 5300 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
08:12:01.0843 5300 AmdPPM - ok
08:12:01.0952 5300 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
08:12:01.0952 5300 amdsata - ok
08:12:01.0999 5300 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
08:12:01.0999 5300 amdsbs - ok
08:12:02.0077 5300 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
08:12:02.0077 5300 amdxata - ok
08:12:02.0170 5300 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
08:12:02.0186 5300 AppID - ok
08:12:02.0233 5300 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
08:12:02.0233 5300 AppIDSvc - ok
08:12:02.0326 5300 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
08:12:02.0342 5300 Appinfo - ok
08:12:02.0435 5300 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
08:12:02.0451 5300 arc - ok
08:12:02.0467 5300 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
08:12:02.0467 5300 arcsas - ok
08:12:02.0623 5300 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:12:02.0623 5300 aspnet_state - ok
08:12:02.0716 5300 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
08:12:02.0716 5300 AsyncMac - ok
08:12:02.0747 5300 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
08:12:02.0747 5300 atapi - ok
08:12:02.0857 5300 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
08:12:02.0857 5300 AudioEndpointBuilder - ok
08:12:02.0888 5300 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
08:12:02.0888 5300 AudioSrv - ok
08:12:02.0981 5300 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
08:12:02.0981 5300 AxInstSV - ok
08:12:03.0153 5300 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
08:12:03.0169 5300 b06bdrv - ok
08:12:03.0325 5300 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
08:12:03.0325 5300 b57nd60a - ok
08:12:03.0418 5300 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
08:12:03.0418 5300 BDESVC - ok
08:12:03.0481 5300 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
08:12:03.0496 5300 Beep - ok
08:12:03.0621 5300 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
08:12:03.0637 5300 BFE - ok
08:12:03.0824 5300 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
08:12:03.0839 5300 BHDrvx64 - ok
08:12:03.0933 5300 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
08:12:03.0949 5300 BITS - ok
08:12:04.0042 5300 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
08:12:04.0042 5300 blbdrive - ok
08:12:04.0136 5300 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
08:12:04.0136 5300 bowser - ok
08:12:04.0229 5300 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
08:12:04.0229 5300 BrFiltLo - ok
08:12:04.0261 5300 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
08:12:04.0261 5300 BrFiltUp - ok
08:12:04.0354 5300 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
08:12:04.0370 5300 BridgeMP - ok
08:12:04.0448 5300 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
08:12:04.0463 5300 Browser - ok
08:12:04.0510 5300 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
08:12:04.0510 5300 Brserid - ok
08:12:04.0604 5300 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
08:12:04.0604 5300 BrSerWdm - ok
08:12:04.0697 5300 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
08:12:04.0697 5300 BrUsbMdm - ok
08:12:04.0744 5300 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
08:12:04.0744 5300 BrUsbSer - ok
08:12:04.0822 5300 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
08:12:04.0822 5300 BTHMODEM - ok
08:12:04.0931 5300 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
08:12:04.0931 5300 bthserv - ok
08:12:05.0056 5300 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys
08:12:05.0072 5300 ccSet_N360 - ok
08:12:05.0181 5300 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
08:12:05.0197 5300 cdfs - ok
08:12:05.0290 5300 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
08:12:05.0306 5300 cdrom - ok
08:12:05.0384 5300 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
08:12:05.0384 5300 CertPropSvc - ok
08:12:05.0431 5300 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
08:12:05.0431 5300 circlass - ok
08:12:05.0524 5300 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
08:12:05.0540 5300 CLFS - ok
08:12:05.0649 5300 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:12:05.0649 5300 clr_optimization_v2.0.50727_32 - ok
08:12:05.0696 5300 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:12:05.0711 5300 clr_optimization_v2.0.50727_64 - ok
08:12:05.0836 5300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:12:05.0836 5300 clr_optimization_v4.0.30319_32 - ok
08:12:05.0992 5300 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:12:05.0992 5300 clr_optimization_v4.0.30319_64 - ok
08:12:06.0086 5300 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
08:12:06.0086 5300 CmBatt - ok
08:12:06.0101 5300 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
08:12:06.0117 5300 cmdide - ok
08:12:06.0211 5300 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
08:12:06.0211 5300 CNG - ok
08:12:06.0320 5300 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
08:12:06.0320 5300 Compbatt - ok
08:12:06.0413 5300 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
08:12:06.0413 5300 CompositeBus - ok
08:12:06.0445 5300 COMSysApp - ok
08:12:06.0460 5300 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
08:12:06.0460 5300 crcdisk - ok
08:12:06.0554 5300 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
08:12:06.0554 5300 CryptSvc - ok
08:12:06.0616 5300 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
08:12:06.0616 5300 DcomLaunch - ok
08:12:06.0694 5300 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
08:12:06.0710 5300 defragsvc - ok
08:12:06.0803 5300 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
08:12:06.0803 5300 DfsC - ok
08:12:06.0881 5300 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
08:12:06.0897 5300 Dhcp - ok
08:12:06.0944 5300 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
08:12:06.0944 5300 discache - ok
08:12:07.0037 5300 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
08:12:07.0037 5300 Disk - ok
08:12:07.0069 5300 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
08:12:07.0084 5300 Dnscache - ok
08:12:07.0209 5300 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
08:12:07.0225 5300 dot3svc - ok
08:12:07.0240 5300 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
08:12:07.0256 5300 DPS - ok
08:12:07.0334 5300 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
08:12:07.0334 5300 drmkaud - ok
08:12:07.0396 5300 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
08:12:07.0412 5300 DXGKrnl - ok
08:12:07.0490 5300 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
08:12:07.0490 5300 EapHost - ok
08:12:07.0615 5300 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
08:12:07.0646 5300 ebdrv - ok
08:12:07.0739 5300 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:12:07.0755 5300 eeCtrl - ok
08:12:07.0833 5300 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
08:12:07.0833 5300 EFS - ok
08:12:07.0911 5300 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
08:12:07.0911 5300 ehRecvr - ok
08:12:08.0020 5300 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
08:12:08.0020 5300 ehSched - ok
08:12:08.0114 5300 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
08:12:08.0129 5300 elxstor - ok
08:12:08.0223 5300 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:12:08.0223 5300 EraserUtilRebootDrv - ok
08:12:08.0317 5300 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
08:12:08.0317 5300 ErrDev - ok
08:12:08.0426 5300 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
08:12:08.0441 5300 EventSystem - ok
08:12:08.0519 5300 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
08:12:08.0535 5300 exfat - ok
08:12:08.0551 5300 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
08:12:08.0566 5300 fastfat - ok
08:12:08.0660 5300 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
08:12:08.0675 5300 Fax - ok
08:12:08.0753 5300 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
08:12:08.0753 5300 fdc - ok
08:12:08.0847 5300 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
08:12:08.0863 5300 fdPHost - ok
08:12:08.0878 5300 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
08:12:08.0878 5300 FDResPub - ok
08:12:08.0972 5300 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
08:12:08.0972 5300 FileInfo - ok
08:12:09.0003 5300 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
08:12:09.0003 5300 Filetrace - ok
08:12:09.0081 5300 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
08:12:09.0081 5300 flpydisk - ok
08:12:09.0268 5300 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
08:12:09.0268 5300 FltMgr - ok
08:12:09.0393 5300 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
08:12:09.0409 5300 FontCache - ok
08:12:09.0502 5300 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:12:09.0502 5300 FontCache3.0.0.0 - ok
08:12:09.0565 5300 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
08:12:09.0565 5300 FsDepends - ok
08:12:09.0643 5300 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
08:12:09.0643 5300 Fs_Rec - ok
08:12:09.0689 5300 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
08:12:09.0689 5300 fvevol - ok
08:12:09.0783 5300 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
08:12:09.0783 5300 gagp30kx - ok
08:12:09.0877 5300 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:12:09.0877 5300 GamesAppService - ok
08:12:10.0001 5300 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe
08:12:10.0001 5300 GFNEXSrv - ok
08:12:10.0111 5300 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
08:12:10.0126 5300 gpsvc - ok
08:12:10.0204 5300 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:12:10.0220 5300 gupdate - ok
08:12:10.0220 5300 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:12:10.0220 5300 gupdatem - ok
08:12:10.0235 5300 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:12:10.0251 5300 gusvc - ok
08:12:10.0329 5300 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
08:12:10.0329 5300 hcw85cir - ok
08:12:10.0376 5300 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
08:12:10.0391 5300 HdAudAddService - ok
08:12:10.0469 5300 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
08:12:10.0469 5300 HDAudBus - ok
08:12:10.0563 5300 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
08:12:10.0563 5300 HidBatt - ok
08:12:10.0594 5300 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
08:12:10.0594 5300 HidBth - ok
08:12:10.0672 5300 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
08:12:10.0672 5300 HidIr - ok
08:12:10.0719 5300 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
08:12:10.0735 5300 hidserv - ok
08:12:10.0828 5300 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
08:12:10.0828 5300 HidUsb - ok
08:12:10.0953 5300 hitmanpro35 (c2e487f2caeffd950e55e0b727612f7e) C:\windows\system32\drivers\hitmanpro36.sys
08:12:10.0953 5300 hitmanpro35 - ok
08:12:11.0000 5300 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
08:12:11.0015 5300 hkmsvc - ok
08:12:11.0062 5300 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
08:12:11.0078 5300 HomeGroupListener - ok
08:12:11.0187 5300 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
08:12:11.0187 5300 HomeGroupProvider - ok
08:12:11.0296 5300 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
08:12:11.0296 5300 hpqcxs08 - ok
08:12:11.0452 5300 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
08:12:11.0452 5300 hpqddsvc - ok
08:12:11.0546 5300 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
08:12:11.0546 5300 HpSAMD - ok
08:12:11.0702 5300 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
08:12:11.0717 5300 HPSLPSVC - ok
08:12:11.0858 5300 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
08:12:11.0873 5300 HTTP - ok
08:12:11.0951 5300 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
08:12:11.0951 5300 hwpolicy - ok
08:12:12.0061 5300 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
08:12:12.0061 5300 i8042prt - ok
08:12:12.0170 5300 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
08:12:12.0170 5300 iaStor - ok
08:12:12.0279 5300 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
08:12:12.0279 5300 iaStorV - ok
08:12:12.0388 5300 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:12:12.0404 5300 idsvc - ok
08:12:12.0575 5300 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120330.002\IDSvia64.sys
08:12:12.0591 5300 IDSVia64 - ok
08:12:12.0919 5300 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys
08:12:13.0184 5300 igfx - ok
08:12:13.0309 5300 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
08:12:13.0309 5300 IHA_MessageCenter - ok
08:12:13.0402 5300 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
08:12:13.0402 5300 iirsp - ok
08:12:13.0465 5300 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
08:12:13.0465 5300 IKEEXT - ok
08:12:13.0652 5300 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\windows\system32\drivers\RTKVHD64.sys
08:12:13.0667 5300 IntcAzAudAddService - ok
08:12:13.0761 5300 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
08:12:13.0777 5300 IntcDAud - ok
08:12:13.0808 5300 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
08:12:13.0808 5300 intelide - ok
08:12:13.0901 5300 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
08:12:13.0901 5300 intelppm - ok
08:12:13.0979 5300 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
08:12:13.0979 5300 IPBusEnum - ok
08:12:14.0026 5300 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
08:12:14.0026 5300 IpFilterDriver - ok
08:12:14.0104 5300 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
08:12:14.0120 5300 iphlpsvc - ok
08:12:14.0167 5300 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
08:12:14.0167 5300 IPMIDRV - ok
08:12:14.0245 5300 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
08:12:14.0245 5300 IPNAT - ok
08:12:14.0307 5300 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
08:12:14.0307 5300 IRENUM - ok
08:12:14.0401 5300 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
08:12:14.0401 5300 isapnp - ok
08:12:14.0416 5300 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
08:12:14.0432 5300 iScsiPrt - ok
08:12:14.0525 5300 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
08:12:14.0525 5300 kbdclass - ok
08:12:14.0572 5300 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
08:12:14.0572 5300 kbdhid - ok
08:12:14.0635 5300 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
08:12:14.0635 5300 KeyIso - ok
08:12:14.0681 5300 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
08:12:14.0681 5300 KSecDD - ok
08:12:14.0759 5300 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
08:12:14.0759 5300 KSecPkg - ok
08:12:14.0853 5300 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
08:12:14.0853 5300 ksthunk - ok
08:12:14.0884 5300 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
08:12:14.0900 5300 KtmRm - ok
08:12:14.0993 5300 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
08:12:15.0009 5300 LanmanServer - ok
08:12:15.0103 5300 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
08:12:15.0118 5300 LanmanWorkstation - ok
08:12:15.0227 5300 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
08:12:15.0227 5300 lltdio - ok
08:12:15.0290 5300 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
08:12:15.0305 5300 lltdsvc - ok
08:12:15.0352 5300 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
08:12:15.0352 5300 lmhosts - ok
08:12:15.0461 5300 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:12:15.0461 5300 LMS - ok
08:12:15.0555 5300 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
08:12:15.0555 5300 LSI_FC - ok
08:12:15.0649 5300 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
08:12:15.0664 5300 LSI_SAS - ok
08:12:15.0680 5300 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
08:12:15.0680 5300 LSI_SAS2 - ok
08:12:15.0789 5300 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
08:12:15.0789 5300 LSI_SCSI - ok
08:12:15.0883 5300 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
08:12:15.0883 5300 luafv - ok
08:12:15.0976 5300 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
08:12:15.0976 5300 MBAMProtector - ok
08:12:16.0054 5300 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:12:16.0070 5300 MBAMService - ok
08:12:16.0148 5300 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
08:12:16.0148 5300 Mcx2Svc - ok
08:12:16.0210 5300 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
08:12:16.0210 5300 megasas - ok
08:12:16.0304 5300 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
08:12:16.0319 5300 MegaSR - ok
08:12:16.0413 5300 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
08:12:16.0413 5300 MEIx64 - ok
08:12:16.0475 5300 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
08:12:16.0491 5300 MMCSS - ok
08:12:16.0538 5300 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
08:12:16.0538 5300 Modem - ok
08:12:16.0631 5300 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
08:12:16.0631 5300 monitor - ok
08:12:16.0741 5300 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
08:12:16.0741 5300 mouclass - ok
08:12:16.0834 5300 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
08:12:16.0834 5300 mouhid - ok
08:12:16.0912 5300 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
08:12:16.0928 5300 mountmgr - ok
08:12:16.0959 5300 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
08:12:16.0959 5300 mpio - ok
08:12:17.0053 5300 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
08:12:17.0053 5300 mpsdrv - ok
08:12:17.0209 5300 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
08:12:17.0224 5300 MpsSvc - ok
08:12:17.0287 5300 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
08:12:17.0287 5300 MRxDAV - ok
08:12:17.0396 5300 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
08:12:17.0396 5300 mrxsmb - ok
08:12:17.0474 5300 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
08:12:17.0474 5300 mrxsmb10 - ok
08:12:17.0489 5300 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
08:12:17.0505 5300 mrxsmb20 - ok
08:12:17.0521 5300 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
08:12:17.0521 5300 msahci - ok
08:12:17.0552 5300 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
08:12:17.0552 5300 msdsm - ok
08:12:17.0630 5300 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
08:12:17.0630 5300 MSDTC - ok
08:12:17.0692 5300 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
08:12:17.0708 5300 Msfs - ok
08:12:17.0801 5300 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
08:12:17.0801 5300 mshidkmdf - ok
08:12:17.0817 5300 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
08:12:17.0817 5300 msisadrv - ok
08:12:17.0911 5300 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
08:12:17.0911 5300 MSiSCSI - ok
08:12:17.0926 5300 msiserver - ok
08:12:17.0989 5300 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
08:12:17.0989 5300 MSKSSRV - ok
08:12:18.0067 5300 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
08:12:18.0067 5300 MSPCLOCK - ok
08:12:18.0176 5300 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
08:12:18.0176 5300 MSPQM - ok
08:12:18.0207 5300 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
08:12:18.0223 5300 MsRPC - ok
08:12:18.0301 5300 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
08:12:18.0301 5300 mssmbios - ok
08:12:18.0410 5300 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
08:12:18.0410 5300 MSTEE - ok
08:12:18.0488 5300 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
08:12:18.0503 5300 MTConfig - ok
08:12:18.0581 5300 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
08:12:18.0581 5300 Mup - ok
08:12:18.0800 5300 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
08:12:18.0800 5300 N360 - ok
08:12:18.0893 5300 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
08:12:18.0893 5300 napagent - ok
08:12:19.0003 5300 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
08:12:19.0018 5300 NativeWifiP - ok
08:12:19.0190 5300 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120330.036\ENG64.SYS
08:12:19.0190 5300 NAVENG - ok
08:12:19.0439 5300 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120330.036\EX64.SYS
08:12:19.0455 5300 NAVEX15 - ok
08:12:19.0564 5300 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
08:12:19.0580 5300 NDIS - ok
08:12:19.0673 5300 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
08:12:19.0673 5300 NdisCap - ok
08:12:19.0767 5300 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
08:12:19.0767 5300 NdisTapi - ok
08:12:19.0876 5300 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
08:12:19.0876 5300 Ndisuio - ok
08:12:19.0892 5300 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
08:12:19.0907 5300 NdisWan - ok
08:12:19.0923 5300 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
08:12:19.0923 5300 NDProxy - ok
08:12:20.0001 5300 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
08:12:20.0001 5300 NetBIOS - ok
08:12:20.0095 5300 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
08:12:20.0110 5300 NetBT - ok
08:12:20.0188 5300 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
08:12:20.0188 5300 Netlogon - ok
08:12:20.0251 5300 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
08:12:20.0266 5300 Netman - ok
08:12:20.0422 5300 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:12:20.0422 5300 NetMsmqActivator - ok
08:12:20.0438 5300 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:12:20.0438 5300 NetPipeActivator - ok
08:12:20.0531 5300 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
08:12:20.0547 5300 netprofm - ok
08:12:20.0703 5300 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:12:20.0703 5300 NetTcpActivator - ok
08:12:20.0703 5300 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:12:20.0703 5300 NetTcpPortSharing - ok
08:12:20.0812 5300 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
08:12:20.0812 5300 nfrd960 - ok
08:12:20.0906 5300 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
08:12:20.0921 5300 NlaSvc - ok
08:12:20.0984 5300 Norton PC Checkup Application Launcher - ok
08:12:21.0062 5300 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
08:12:21.0077 5300 Npfs - ok
08:12:21.0187 5300 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
08:12:21.0187 5300 nsi - ok
08:12:21.0296 5300 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
08:12:21.0296 5300 nsiproxy - ok
08:12:21.0514 5300 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
08:12:21.0530 5300 Ntfs - ok
08:12:21.0623 5300 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
08:12:21.0623 5300 Null - ok
08:12:21.0717 5300 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
08:12:21.0733 5300 nvraid - ok
08:12:21.0826 5300 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
08:12:21.0826 5300 nvstor - ok
08:12:21.0920 5300 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
08:12:21.0935 5300 nv_agp - ok
08:12:22.0045 5300 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:12:22.0060 5300 odserv - ok
08:12:22.0138 5300 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
08:12:22.0138 5300 ohci1394 - ok
08:12:22.0216 5300 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:12:22.0232 5300 ose - ok
08:12:22.0325 5300 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
08:12:22.0341 5300 p2pimsvc - ok
08:12:22.0372 5300 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
08:12:22.0388 5300 p2psvc - ok
08:12:22.0481 5300 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
08:12:22.0481 5300 Parport - ok
08:12:22.0559 5300 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
08:12:22.0559 5300 partmgr - ok
08:12:22.0637 5300 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
08:12:22.0637 5300 PcaSvc - ok
08:12:22.0731 5300 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
08:12:22.0731 5300 PCCUJobMgr - ok
08:12:22.0840 5300 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
08:12:22.0840 5300 pci - ok
08:12:22.0934 5300 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
08:12:22.0934 5300 pciide - ok
08:12:23.0012 5300 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
08:12:23.0027 5300 pcmcia - ok
08:12:23.0059 5300 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
08:12:23.0059 5300 pcw - ok
08:12:23.0137 5300 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
08:12:23.0183 5300 PEAUTH - ok
08:12:23.0324 5300 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
08:12:23.0324 5300 PerfHost - ok
08:12:23.0402 5300 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
08:12:23.0402 5300 PGEffect - ok
08:12:23.0495 5300 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
08:12:23.0527 5300 pla - ok
08:12:23.0636 5300 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
08:12:23.0651 5300 PlugPlay - ok
08:12:23.0698 5300 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
08:12:23.0698 5300 PNRPAutoReg - ok
08:12:23.0776 5300 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
08:12:23.0776 5300 PNRPsvc - ok
08:12:23.0823 5300 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
08:12:23.0839 5300 PolicyAgent - ok
08:12:23.0932 5300 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
08:12:23.0932 5300 Power - ok
08:12:24.0026 5300 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
08:12:24.0026 5300 PptpMiniport - ok
08:12:24.0119 5300 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
08:12:24.0119 5300 Processor - ok
08:12:24.0213 5300 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
08:12:24.0229 5300 ProfSvc - ok
08:12:24.0244 5300 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
08:12:24.0260 5300 ProtectedStorage - ok
08:12:24.0338 5300 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
08:12:24.0338 5300 Psched - ok
08:12:24.0463 5300 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
08:12:24.0478 5300 ql2300 - ok
08:12:24.0587 5300 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
08:12:24.0587 5300 ql40xx - ok
08:12:24.0665 5300 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
08:12:24.0665 5300 QWAVE - ok
08:12:24.0728 5300 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
08:12:24.0728 5300 QWAVEdrv - ok
08:12:24.0790 5300 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
08:12:24.0790 5300 RasAcd - ok
08:12:24.0853 5300 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
08:12:24.0853 5300 RasAgileVpn - ok
08:12:24.0931 5300 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
08:12:24.0931 5300 RasAuto - ok
08:12:24.0993 5300 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
08:12:24.0993 5300 Rasl2tp - ok
08:12:25.0071 5300 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
08:12:25.0087 5300 RasMan - ok
08:12:25.0180 5300 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
08:12:25.0180 5300 RasPppoe - ok
08:12:25.0289 5300 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
08:12:25.0289 5300 RasSstp - ok
08:12:25.0445 5300 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
08:12:25.0461 5300 rdbss - ok
08:12:25.0555 5300 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
08:12:25.0555 5300 rdpbus - ok
08:12:25.0633 5300 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
08:12:25.0633 5300 RDPCDD - ok
08:12:25.0726 5300 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
08:12:25.0726 5300 RDPENCDD - ok
08:12:25.0820 5300 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
08:12:25.0820 5300 RDPREFMP - ok
08:12:25.0913 5300 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
08:12:25.0913 5300 RDPWD - ok
08:12:26.0023 5300 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
08:12:26.0023 5300 rdyboost - ok
08:12:26.0069 5300 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
08:12:26.0069 5300 RemoteAccess - ok
08:12:26.0147 5300 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
08:12:26.0147 5300 RemoteRegistry - ok
08:12:26.0225 5300 RimUsb - ok
08:12:26.0288 5300 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
08:12:26.0288 5300 RimVSerPort - ok
08:12:26.0366 5300 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
08:12:26.0381 5300 ROOTMODEM - ok
08:12:26.0459 5300 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
08:12:26.0459 5300 RpcEptMapper - ok
08:12:26.0491 5300 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
08:12:26.0506 5300 RpcLocator - ok
08:12:26.0584 5300 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\System32\rpcss.dll
08:12:26.0584 5300 RpcSs - ok
08:12:26.0678 5300 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
08:12:26.0678 5300 rspndr - ok
08:12:26.0787 5300 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
08:12:26.0787 5300 RSUSBSTOR - ok
08:12:26.0881 5300 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
08:12:26.0896 5300 RTL8167 - ok
08:12:27.0005 5300 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\windows\system32\DRIVERS\rtl8192Ce.sys
08:12:27.0037 5300 RTL8192Ce - ok
08:12:27.0115 5300 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
08:12:27.0115 5300 SamSs - ok
08:12:27.0193 5300 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
08:12:27.0193 5300 sbp2port - ok
08:12:27.0239 5300 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
08:12:27.0239 5300 SCardSvr - ok
08:12:27.0317 5300 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
08:12:27.0317 5300 scfilter - ok
08:12:27.0395 5300 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
08:12:27.0411 5300 Schedule - ok
08:12:27.0489 5300 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
08:12:27.0505 5300 SCPolicySvc - ok
08:12:27.0536 5300 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
08:12:27.0551 5300 SDRSVC - ok
08:12:27.0645 5300 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
08:12:27.0645 5300 secdrv - ok
08:12:27.0723 5300 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
08:12:27.0723 5300 seclogon - ok
08:12:27.0754 5300 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
08:12:27.0754 5300 SENS - ok
08:12:27.0848 5300 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
08:12:27.0848 5300 SensrSvc - ok
08:12:27.0910 5300 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
08:12:27.0910 5300 Serenum - ok
08:12:28.0004 5300 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
08:12:28.0019 5300 Serial - ok
08:12:28.0097 5300 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
08:12:28.0097 5300 sermouse - ok
08:12:28.0207 5300 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
08:12:28.0207 5300 SessionEnv - ok
08:12:28.0253 5300 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
08:12:28.0253 5300 sffdisk - ok
08:12:28.0316 5300 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
08:12:28.0316 5300 sffp_mmc - ok
08:12:28.0331 5300 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
08:12:28.0331 5300 sffp_sd - ok
08:12:28.0378 5300 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
08:12:28.0394 5300 sfloppy - ok
08:12:28.0472 5300 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
08:12:28.0487 5300 SharedAccess - ok
08:12:28.0534 5300 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
08:12:28.0534 5300 ShellHWDetection - ok
08:12:28.0643 5300 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
08:12:28.0643 5300 SiSRaid2 - ok
08:12:28.0721 5300 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
08:12:28.0737 5300 SiSRaid4 - ok
08:12:28.0831 5300 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
08:12:28.0831 5300 Smb - ok
08:12:28.0924 5300 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
08:12:28.0924 5300 SNMPTRAP - ok
08:12:28.0987 5300 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
08:12:28.0987 5300 spldr - ok
08:12:29.0080 5300 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
08:12:29.0096 5300 Spooler - ok
08:12:29.0205 5300 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
08:12:29.0252 5300 sppsvc - ok
08:12:29.0314 5300 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
08:12:29.0330 5300 sppuinotify - ok
08:12:29.0439 5300 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS
08:12:29.0439 5300 SRTSP - ok
08:12:29.0548 5300 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS
08:12:29.0548 5300 SRTSPX - ok
08:12:29.0657 5300 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
08:12:29.0657 5300 srv - ok
08:12:29.0751 5300 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
08:12:29.0767 5300 srv2 - ok
08:12:29.0860 5300 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
08:12:29.0860 5300 srvnet - ok
08:12:29.0954 5300 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
08:12:29.0954 5300 SSDPSRV - ok
08:12:29.0969 5300 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
08:12:29.0985 5300 SstpSvc - ok
08:12:30.0079 5300 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
08:12:30.0079 5300 stexstor - ok
08:12:30.0172 5300 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
08:12:30.0172 5300 StillCam - ok
08:12:30.0250 5300 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
08:12:30.0266 5300 stisvc - ok
08:12:30.0313 5300 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
08:12:30.0313 5300 swenum - ok
08:12:30.0406 5300 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
08:12:30.0422 5300 swprv - ok
08:12:30.0547 5300 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS
08:12:30.0562 5300 SymDS - ok
08:12:30.0718 5300 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS
08:12:30.0734 5300 SymEFA - ok
08:12:30.0827 5300 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
08:12:30.0827 5300 SymEvent - ok
08:12:30.0968 5300 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS
08:12:30.0968 5300 SymIRON - ok
08:12:31.0093 5300 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS
08:12:31.0108 5300 SymNetS - ok
08:12:31.0295 5300 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
08:12:31.0311 5300 SynTP - ok
08:12:31.0467 5300 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
08:12:31.0498 5300 SysMain - ok
08:12:31.0592 5300 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
08:12:31.0592 5300 TabletInputService - ok
08:12:31.0623 5300 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
08:12:31.0639 5300 TapiSrv - ok
08:12:31.0717 5300 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
08:12:31.0732 5300 TBS - ok
08:12:31.0826 5300 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
08:12:31.0857 5300 Tcpip - ok
08:12:31.0997 5300 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
08:12:32.0029 5300 TCPIP6 - ok
08:12:32.0107 5300 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
08:12:32.0122 5300 tcpipreg - ok
08:12:32.0153 5300 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
08:12:32.0153 5300 tdcmdpst - ok
08:12:32.0247 5300 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
08:12:32.0263 5300 TDPIPE - ok
08:12:32.0341 5300 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
08:12:32.0341 5300 TDTCP - ok
08:12:32.0387 5300 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
08:12:32.0387 5300 tdx - ok
08:12:32.0465 5300 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
08:12:32.0465 5300 TermDD - ok
08:12:32.0528 5300 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
08:12:32.0543 5300 TermService - ok
08:12:32.0606 5300 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
08:12:32.0606 5300 Themes - ok
08:12:32.0653 5300 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
08:12:32.0653 5300 THREADORDER - ok
08:12:32.0731 5300 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
08:12:32.0731 5300 TMachInfo - ok
08:12:32.0809 5300 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
08:12:32.0824 5300 TODDSrv - ok
08:12:32.0887 5300 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
08:12:32.0902 5300 TosCoSrv - ok
08:12:32.0949 5300 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
08:12:32.0965 5300 TOSHIBA eco Utility Service - ok
08:12:33.0027 5300 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
08:12:33.0027 5300 TOSHIBA HDD SSD Alert Service - ok
08:12:33.0121 5300 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
08:12:33.0136 5300 tos_sps64 - ok
08:12:33.0261 5300 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
08:12:33.0277 5300 TPCHSrv - ok
08:12:33.0355 5300 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
08:12:33.0355 5300 TrkWks - ok
08:12:33.0386 5300 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
08:12:33.0401 5300 TrustedInstaller - ok
08:12:33.0479 5300 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
08:12:33.0479 5300 tssecsrv - ok
08:12:33.0573 5300 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
08:12:33.0589 5300 TsUsbFlt - ok
08:12:33.0604 5300 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
08:12:33.0604 5300 TsUsbGD - ok
08:12:33.0713 5300 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
08:12:33.0713 5300 tunnel - ok
08:12:33.0791 5300 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
08:12:33.0791 5300 TVALZ - ok
08:12:33.0823 5300 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
08:12:33.0823 5300 TVALZFL - ok
08:12:33.0901 5300 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
08:12:33.0901 5300 uagp35 - ok
08:12:33.0947 5300 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
08:12:33.0947 5300 udfs - ok
08:12:34.0041 5300 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
08:12:34.0041 5300 UI0Detect - ok
08:12:34.0088 5300 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
08:12:34.0088 5300 uliagpkx - ok
08:12:34.0197 5300 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
08:12:34.0197 5300 umbus - ok
08:12:34.0306 5300 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
08:12:34.0306 5300 UmPass - ok
08:12:34.0478 5300 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:12:34.0493 5300 UNS - ok
08:12:34.0587 5300 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
08:12:34.0587 5300 upnphost - ok
08:12:34.0634 5300 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
08:12:34.0634 5300 usbccgp - ok
08:12:34.0727 5300 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
08:12:34.0727 5300 usbcir - ok
08:12:34.0821 5300 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
08:12:34.0821 5300 usbehci - ok
08:12:34.0930 5300 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
08:12:34.0930 5300 usbhub - ok
08:12:35.0024 5300 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
08:12:35.0024 5300 usbohci - ok
08:12:35.0117 5300 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
08:12:35.0117 5300 usbprint - ok
08:12:35.0180 5300 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:12:35.0195 5300 USBSTOR - ok
08:12:35.0289 5300 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
08:12:35.0289 5300 usbuhci - ok
08:12:35.0383 5300 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
08:12:35.0398 5300 usbvideo - ok
08:12:35.0476 5300 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
08:12:35.0476 5300 UxSms - ok
08:12:35.0523 5300 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
08:12:35.0523 5300 VaultSvc - ok
08:12:35.0617 5300 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
08:12:35.0617 5300 vdrvroot - ok
08:12:35.0726 5300 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
08:12:35.0741 5300 vds - ok
08:12:35.0835 5300 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
08:12:35.0835 5300 vga - ok
08:12:35.0929 5300 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
08:12:35.0929 5300 VgaSave - ok
08:12:35.0960 5300 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
08:12:35.0960 5300 vhdmp - ok
08:12:36.0053 5300 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
08:12:36.0053 5300 viaide - ok
08:12:36.0085 5300 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
08:12:36.0085 5300 volmgr - ok
08:12:36.0178 5300 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
08:12:36.0194 5300 volmgrx - ok
08:12:36.0272 5300 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
08:12:36.0287 5300 volsnap - ok
08:12:36.0397 5300 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
08:12:36.0397 5300 vsmraid - ok
08:12:36.0521 5300 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
08:12:36.0553 5300 VSS - ok
08:12:36.0631 5300 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
08:12:36.0631 5300 vwifibus - ok
08:12:36.0724 5300 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
08:12:36.0724 5300 vwififlt - ok
08:12:36.0833 5300 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
08:12:36.0833 5300 W32Time - ok
08:12:36.0865 5300 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
08:12:36.0865 5300 WacomPen - ok
08:12:36.0974 5300 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:12:36.0974 5300 WANARP - ok
08:12:37.0005 5300 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:12:37.0005 5300 Wanarpv6 - ok
08:12:37.0177 5300 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
08:12:37.0208 5300 WatAdminSvc - ok
08:12:37.0333 5300 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
08:12:37.0348 5300 wbengine - ok
08:12:37.0442 5300 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
08:12:37.0457 5300 WbioSrvc - ok
08:12:37.0489 5300 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
08:12:37.0489 5300 wcncsvc - ok
08:12:37.0567 5300 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
08:12:37.0567 5300 WcsPlugInService - ok
08:12:37.0613 5300 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
08:12:37.0613 5300 Wd - ok
08:12:37.0707 5300 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
08:12:37.0723 5300 Wdf01000 - ok
08:12:37.0754 5300 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
08:12:37.0754 5300 WdiServiceHost - ok
08:12:37.0754 5300 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
08:12:37.0769 5300 WdiSystemHost - ok
08:12:37.0832 5300 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
08:12:37.0847 5300 WebClient - ok
08:12:37.0879 5300 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
08:12:37.0894 5300 Wecsvc - ok
08:12:37.0957 5300 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
08:12:37.0957 5300 wercplsupport - ok
08:12:38.0019 5300 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
08:12:38.0019 5300 WerSvc - ok
08:12:38.0128 5300 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
08:12:38.0128 5300 WfpLwf - ok
08:12:38.0206 5300 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
08:12:38.0222 5300 WIMMount - ok
08:12:38.0269 5300 WinDefend - ok
08:12:38.0284 5300 WinHttpAutoProxySvc - ok
08:12:38.0362 5300 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
08:12:38.0362 5300 Winmgmt - ok
08:12:38.0456 5300 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
08:12:38.0487 5300 WinRM - ok
08:12:38.0596 5300 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
08:12:38.0596 5300 WinUsb - ok
08:12:38.0737 5300 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
08:12:38.0752 5300 Wlansvc - ok
08:12:38.0830 5300 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:12:38.0830 5300 wlcrasvc - ok
08:12:38.0971 5300 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:12:39.0033 5300 wlidsvc - ok
08:12:39.0127 5300 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
08:12:39.0127 5300 WmiAcpi - ok
08:12:39.0298 5300 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
08:12:39.0314 5300 wmiApSrv - ok
08:12:39.0376 5300 WMPNetworkSvc - ok
08:12:39.0454 5300 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
08:12:39.0470 5300 WPCSvc - ok
08:12:39.0485 5300 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
08:12:39.0501 5300 WPDBusEnum - ok
08:12:39.0595 5300 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
08:12:39.0595 5300 ws2ifsl - ok
08:12:39.0673 5300 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
08:12:39.0688 5300 wscsvc - ok
08:12:39.0766 5300 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
08:12:39.0766 5300 WSDPrintDevice - ok
08:12:39.0782 5300 WSearch - ok
08:12:39.0875 5300 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
08:12:39.0922 5300 wuauserv - ok
08:12:40.0000 5300 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
08:12:40.0000 5300 WudfPf - ok
08:12:40.0047 5300 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
08:12:40.0047 5300 WUDFRd - ok
08:12:40.0109 5300 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
08:12:40.0125 5300 wudfsvc - ok
08:12:40.0156 5300 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
08:12:40.0172 5300 WwanSvc - ok
08:12:40.0265 5300 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:12:40.0265 5300 YahooAUService - ok
08:12:40.0312 5300 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:12:40.0375 5300 \Device\Harddisk0\DR0 - ok
08:12:40.0406 5300 Boot (0x1200) (1fcffba50cffb5044094699e57ba0150) \Device\Harddisk0\DR0\Partition0
08:12:40.0406 5300 \Device\Harddisk0\DR0\Partition0 - ok
08:12:40.0406 5300 ============================================================
08:12:40.0406 5300 Scan finished
08:12:40.0406 5300 ============================================================
08:12:40.0421 3064 Detected object count: 0
08:12:40.0421 3064 Actual detected object count: 0
08:14:21.0911 1216 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 08:08:50
-----------------------------
08:08:50.191 OS Version: Windows x64 6.1.7601 Service Pack 1
08:08:50.191 Number of processors: 4 586 0x2A07
08:08:50.192 ComputerName: CHUCK-PC UserName: Chuck
08:08:51.606 Initialize success
08:09:35.073 AVAST engine defs: 12033100
08:14:26.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:14:26.014 Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
08:14:26.029 Disk 0 MBR read successfully
08:14:26.029 Disk 0 MBR scan
08:14:26.045 Disk 0 Windows VISTA default MBR code
08:14:26.060 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
08:14:26.076 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459970 MB offset 3074048
08:14:26.123 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15469 MB offset 945092608
08:14:26.170 Disk 0 scanning C:\windows\system32\drivers
08:14:33.892 Service scanning
08:15:08.648 Modules scanning
08:15:08.664 Disk 0 trace - called modules:
08:15:08.680 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
08:15:09.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006088060]
08:15:09.179 3 CLASSPNP.SYS[fffff8800168c43f] -> nt!IofCallDriver -> [0xfffffa8004587e40]
08:15:09.194 5 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800458b050]
08:15:10.162 AVAST engine scan C:\windows
08:15:12.470 AVAST engine scan C:\windows\system32
08:17:45.137 AVAST engine scan C:\windows\system32\drivers
08:18:01.766 AVAST engine scan C:\Users\Chuck
08:20:53.429 AVAST engine scan C:\ProgramData
08:21:52.241 Scan finished successfully
08:22:58.931 Disk 0 MBR has been saved successfully to "C:\Users\Chuck\Desktop\MBR.dat"
08:22:58.931 The log file has been saved successfully to "C:\Users\Chuck\Desktop\aswMBR.txt"

#6 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 31 March 2012 - 11:57 AM

Greetings

the redirects happen in one browser or does it happen in all browsers?

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#7 DDDuster

New Member

Members
9 posts

Posted 31 March 2012 - 01:43 PM

Hello,

The redirect happens in Firefox, IE and Chrome. After running ComboFix I had to reboot in order to connect to the Internet. An error message popped up when I clicked the Google Chrome Icon that said that the registry value was marked for deletion and asked if I wanted to remove the item. I selected no. This was when the ComboFix was completed and the log was done. And unfortunately I'm still getting redirected.

Here's the log. Thanks again for your help.

ComboFix 12-03-31.02 - Chuck 03/31/2012 11:16:11.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1588 [GMT -7:00]
Running from: c:\users\Chuck\Downloads\ComboFix.exe
Command switches used :: c:\users\Chuck\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 18:20 . 2012-03-31 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 18:20 . 2012-03-31 18:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-28 19:36 . 2012-03-28 19:36 -------- d-----w- c:\program files\CCleaner
2012-03-28 18:58 . 2012-03-28 20:24 -------- d-----w- c:\programdata\iolo
2012-03-28 18:56 . 2012-03-28 18:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-28 18:56 . 2012-03-28 18:56 -------- d-----w- c:\program files (x86)\Java
2012-03-28 15:26 . 2012-03-28 17:43 -------- d-----w- c:\program files (x86)\Anvisoft
2012-03-28 12:48 . 2003-02-03 02:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-03-28 12:48 . 2002-03-06 07:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-03-27 21:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-03-27 20:27 . 2012-03-27 20:42 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-03-27 19:13 . 2012-03-27 19:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-27 18:44 . 2012-03-28 14:21 -------- d-----w- c:\users\Chuck\AppData\Roaming\QuickScan
2012-03-27 18:00 . 2012-03-27 18:00 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-27 17:57 . 2012-03-27 19:53 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-27 17:57 . 2012-02-24 17:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-27 17:57 . 2012-03-27 19:50 -------- d-----w- c:\programdata\PC Tools
2012-03-27 17:57 . 2012-03-27 17:57 -------- d-----w- c:\users\Chuck\AppData\Roaming\TestApp
2012-03-27 16:36 . 2012-03-27 19:51 -------- d-----w- c:\program files\HitmanPro
2012-03-27 13:22 . 2012-03-27 19:13 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 02:32 . 2012-03-27 02:32 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-27 02:32 . 2012-03-27 02:32 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 02:32 . 2012-03-27 02:32 -------- d-----w- c:\program files\Java
2012-03-26 22:48 . 2012-03-28 16:07 -------- d-----w- c:\users\Chuck\AppData\Local\NPE
2012-03-26 21:34 . 2012-03-26 21:34 -------- d-----w- c:\users\Chuck\AppData\Roaming\Malwarebytes
2012-03-26 21:34 . 2012-03-26 21:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 21:34 . 2012-03-26 21:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 21:34 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 00:31 . 2012-03-24 00:31 -------- d-----w- c:\programdata\Book Place
2012-03-23 20:24 . 2012-03-23 20:24 -------- d-----w- c:\users\Public\Book Place
2012-03-23 20:11 . 2012-03-24 00:29 -------- d-----w- c:\users\Chuck\AppData\Local\Kjs.AppLife.Update
2012-03-23 20:09 . 2012-03-24 00:30 -------- d-----w- c:\users\Chuck\AppData\Roaming\Book Place
2012-03-17 01:58 . 2012-03-19 15:39 -------- d-----w- c:\users\Chuck\AppData\Local\Research In Motion
2012-03-17 01:57 . 2011-07-20 21:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-03-16 22:23 . 2012-03-16 22:23 -------- d-----w- c:\users\Chuck\AppData\Roaming\Amazon
2012-03-16 22:20 . 2012-03-16 22:20 -------- d-----w- c:\program files (x86)\Amazon
2012-03-16 22:17 . 2012-03-16 22:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-16 22:17 . 2012-03-16 22:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-16 22:17 . 2012-03-16 22:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-16 22:17 . 2012-03-16 22:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-14 10:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:16 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:16 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:16 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:15 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:15 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 16:11 . 2012-03-13 16:11 -------- d-----w- c:\users\Chuck\AppData\Roaming\com.desktoplightning.airapp.E46A8636380668D0309964F39136B84A726B34C4.1
2012-03-08 18:21 . 2012-03-24 00:44 -------- d-----w- c:\program files\Symantec
2012-03-08 18:21 . 2012-03-24 00:44 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-08 18:21 . 2012-03-08 18:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-08 18:20 . 2012-03-26 20:55 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-08 18:20 . 2012-03-08 18:20 -------- d-----w- c:\program files (x86)\Norton 360
2012-03-08 18:18 . 2012-03-08 18:18 -------- d-----w- c:\programdata\PCSettings
2012-03-03 05:16 . 2012-03-27 02:46 -------- d-----w- c:\users\Chuck\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 18:56 . 2011-11-03 12:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-21 21:16 . 2012-02-21 21:16 205698 ----a-w- c:\windows\XHeader Uninstaller.exe
2012-02-18 15:16 . 2012-02-18 15:16 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2012-02-18 15:16 . 2012-02-18 15:16 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2012-02-12 22:38 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 10:44 . 2012-02-14 22:38 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 22:38 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-31_13.36.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-31 13:42 47988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 13:42 37512 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-13 22:57 . 2012-03-31 13:42 8102 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3756181420-1093040515-1656055723-1000_UserData.bin
- 2012-03-31 13:35 . 2012-03-31 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 18:24 . 2012-03-31 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-31 13:35 . 2012-03-31 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-31 18:24 . 2012-03-31 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-13 06:54 . 2012-03-31 18:10 254336 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-31 13:45 660318 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-29 12:34 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-31 13:45 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-29 12:34 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-31 13:34 389900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-31 18:23 389900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-13 22:52 . 2012-03-31 13:34 56508472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3756181420-1093040515-1656055723-1000-8192.dat
+ 2012-02-13 22:52 . 2012-03-31 18:23 56508472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3756181420-1093040515-1656055723-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-19 39408]
"Verizon Media Manager"="c:\program files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2012-02-24 1519616]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-19 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-03 1157240]
S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-14 138360]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-08 488568]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 05:34]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-19 05:34]
.
2012-03-31 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-02-26 18:30]
.
2012-03-28 c:\windows\Tasks\WebReg HP Photosmart Premium C309g-m.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-18 08:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://foxnews.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-31 11:27:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 18:27
ComboFix2.txt 2012-03-31 13:38
.
Pre-Run: 434,986,033,152 bytes free
Post-Run: 435,016,327,168 bytes free
.
- - End Of File - - AF95DB8219E83299F3E487D66A90D7E0

#8 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 02 April 2012 - 09:47 AM

Hello

sorry about that!!

I want you to uninstall FireFox and Chrome and when asked about user data I want that removed also

Reinstall firefox and chrome and check if they redirect

also see if you still have the same problem with IE

gringo

#9 DDDuster

New Member

Members
9 posts

Posted 02 April 2012 - 11:09 AM

Hello,

I uninstalled both Chrome and Firefox but wasn't asked about removing the user data. Both removals were done through the Control Panel/Add remove programs. I restarted the computer and checked IE. There appears to be NO redirects on IE. I spent plenty of time searching and there was nothing unusual. I installed both Chrome and Firefox searched on both and they too appear to be free of the redirects! Got my fingers crossed, great job and thanks again for your help. I will be sure to donate to you for your help with this. Let me know if I should do anything else now that it's done.

Thanks again!

Edited by DDDuster, 02 April 2012 - 11:09 AM.

#10 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 02 April 2012 - 11:31 AM

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

#11 DDDuster

New Member

Members
9 posts

Posted 02 April 2012 - 01:52 PM

Hello,

No problems. The computer seems to running well, Chrome performs better then Firefox and IE???? Here are the logs you requested.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chuck :: CHUCK-PC [administrator]

Protection: Disabled

4/2/2012 11:44:20 AM
mbam-log-2012-04-02 (11-44-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213553
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:23 AM, on 4/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE
C:\Users\Chuck\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Verizon Media Manager] C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe 0
O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11213 bytes

#12 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 02 April 2012 - 02:03 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
- O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
  O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [Google Update] "C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
  O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the ActiveX control to install
- Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 DDDuster

New Member

Members
9 posts

Posted 02 April 2012 - 06:55 PM

Hello,

Here is the Eset log as requested. Thanks for your help.

C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application
C:\Users\Chuck\Documents\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application

#14 gringo_pr

Bleepin Gringo

Malware Response Team
120,402 posts

Gender:Male
Location:Puerto rico

Posted 03 April 2012 - 05:48 AM

Hello

There are some minor things in your online scan that should be removed.

delete files

Copy all text in the quote box (below)...to Notepad.

@echo off
del /f /s /q "C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk"
del /f /s /q "C:\Users\Chuck\Documents\Downloads\Unlocker1.9.1.exe"
del %0
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: <--XP<--vista
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

turn off all active protection software
push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

Gringo

#15 DDDuster

New Member

Members
9 posts

Posted 03 April 2012 - 07:55 AM

Hello Gringo,

Great job, so far so good! I followed the steps you gave me and read the information provided regarding PC safety and security awareness. Can Microsoft Security Essentials be used in conjunction with Norton 360?

I appreciate your help and will be making a donation to you for your help in resolving this issue.

Thanks again.