CPU spikes randomly to 100% when connected to internet


This topic is locked
19 replies to this topic

#1 7buttons (Members, 9 posts)

Posted 21 May 2012 - 01:17 AM

When I'm connected to the internet, CPU randomly spikes to 100%, then tends to stay around 40%-60% for a few minutes, then will spike to 100% again. I have tried Malwarebytes, an avast boot-time scan, and many, many others. At first TDSSKiller found this:

17:52:35.0578 1512 Detected object count: 16
17:52:35.0578 1512 Actual detected object count: 16
17:53:57.0783 1512 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - copied to quarantine
17:53:57.0859 1512 HKLM\SYSTEM\ControlSet001\services\CFSvcs - will be deleted on reboot
17:53:57.0892 1512 HKLM\SYSTEM\ControlSet002\services\CFSvcs - will be deleted on reboot
17:53:57.0934 1512 HKLM\SYSTEM\ControlSet003\services\CFSvcs - will be deleted on reboot
17:53:57.0973 1512 HKLM\SYSTEM\ControlSet004\services\CFSvcs - will be deleted on reboot
17:53:58.0017 1512 HKLM\SYSTEM\ControlSet005\services\CFSvcs - will be deleted on reboot
17:53:58.0057 1512 HKLM\SYSTEM\ControlSet006\services\CFSvcs - will be deleted on reboot
17:53:58.0078 1512 HKLM\SYSTEM\ControlSet007\services\CFSvcs - will be deleted on reboot
17:53:58.0102 1512 HKLM\SYSTEM\ControlSet008\services\CFSvcs - will be deleted on reboot
17:53:58.0122 1512 HKLM\SYSTEM\ControlSet009\services\CFSvcs - will be deleted on reboot
17:53:58.0153 1512 HKLM\SYSTEM\ControlSet010\services\CFSvcs - will be deleted on reboot
17:53:58.0227 1512 HKLM\SYSTEM\ControlSet011\services\CFSvcs - will be deleted on reboot
17:53:58.0267 1512 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - will be deleted on reboot
17:53:58.0267 1512 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:53:58.0443 1512 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - copied to quarantine
17:53:58.0575 1512 HKLM\SYSTEM\ControlSet001\services\EvtEng - will be deleted on reboot
17:53:58.0598 1512 HKLM\SYSTEM\ControlSet002\services\EvtEng - will be deleted on reboot
17:53:58.0616 1512 HKLM\SYSTEM\ControlSet003\services\EvtEng - will be deleted on reboot
17:53:58.0632 1512 HKLM\SYSTEM\ControlSet004\services\EvtEng - will be deleted on reboot
17:53:58.0644 1512 HKLM\SYSTEM\ControlSet005\services\EvtEng - will be deleted on reboot
17:53:58.0652 1512 HKLM\SYSTEM\ControlSet006\services\EvtEng - will be deleted on reboot
17:53:58.0660 1512 HKLM\SYSTEM\ControlSet007\services\EvtEng - will be deleted on reboot
17:53:58.0669 1512 HKLM\SYSTEM\ControlSet008\services\EvtEng - will be deleted on reboot
17:53:58.0675 1512 HKLM\SYSTEM\ControlSet009\services\EvtEng - will be deleted on reboot
17:53:58.0686 1512 HKLM\SYSTEM\ControlSet010\services\EvtEng - will be deleted on reboot
17:53:58.0699 1512 HKLM\SYSTEM\ControlSet011\services\EvtEng - will be deleted on reboot
17:53:58.0706 1512 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - will be deleted on reboot
17:53:58.0706 1512 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:53:58.0813 1512 C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe - copied to quarantine
17:53:58.0857 1512 HKLM\SYSTEM\ControlSet001\services\IDriverT - will be deleted on reboot
17:53:58.0858 1512 HKLM\SYSTEM\ControlSet002\services\IDriverT - will be deleted on reboot
17:53:58.0888 1512 HKLM\SYSTEM\ControlSet003\services\IDriverT - will be deleted on reboot
17:53:58.0904 1512 HKLM\SYSTEM\ControlSet004\services\IDriverT - will be deleted on reboot
17:53:58.0916 1512 HKLM\SYSTEM\ControlSet005\services\IDriverT - will be deleted on reboot
17:53:58.0924 1512 HKLM\SYSTEM\ControlSet006\services\IDriverT - will be deleted on reboot
17:53:58.0932 1512 HKLM\SYSTEM\ControlSet007\services\IDriverT - will be deleted on reboot
17:53:58.0941 1512 HKLM\SYSTEM\ControlSet008\services\IDriverT - will be deleted on reboot
17:53:58.0947 1512 HKLM\SYSTEM\ControlSet009\services\IDriverT - will be deleted on reboot
17:53:58.0959 1512 HKLM\SYSTEM\ControlSet010\services\IDriverT - will be deleted on reboot
17:53:58.0977 1512 HKLM\SYSTEM\ControlSet011\services\IDriverT - will be deleted on reboot
17:53:58.0984 1512 C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe - will be deleted on reboot
17:53:58.0984 1512 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:53:59.0117 1512 C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE - copied to quarantine
17:53:59.0176 1512 HKLM\SYSTEM\ControlSet001\services\IJPLMSVC - will be deleted on reboot
17:53:59.0179 1512 HKLM\SYSTEM\ControlSet010\services\IJPLMSVC - will be deleted on reboot
17:53:59.0181 1512 HKLM\SYSTEM\ControlSet011\services\IJPLMSVC - will be deleted on reboot
17:53:59.0188 1512 C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE - will be deleted on reboot
17:53:59.0188 1512 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:53:59.0809 1512 C:\Windows\system32\drivers\kr10i.sys - copied to quarantine
17:54:00.0041 1512 HKLM\SYSTEM\ControlSet001\services\KR10I - will be deleted on reboot
17:54:00.0071 1512 HKLM\SYSTEM\ControlSet002\services\KR10I - will be deleted on reboot
17:54:00.0072 1512 HKLM\SYSTEM\ControlSet003\services\KR10I - will be deleted on reboot
17:54:00.0072 1512 HKLM\SYSTEM\ControlSet004\services\KR10I - will be deleted on reboot
17:54:00.0073 1512 HKLM\SYSTEM\ControlSet005\services\KR10I - will be deleted on reboot
17:54:00.0073 1512 HKLM\SYSTEM\ControlSet006\services\KR10I - will be deleted on reboot
17:54:00.0074 1512 HKLM\SYSTEM\ControlSet007\services\KR10I - will be deleted on reboot
17:54:00.0074 1512 HKLM\SYSTEM\ControlSet008\services\KR10I - will be deleted on reboot
17:54:00.0075 1512 HKLM\SYSTEM\ControlSet009\services\KR10I - will be deleted on reboot
17:54:00.0088 1512 HKLM\SYSTEM\ControlSet010\services\KR10I - will be deleted on reboot
17:54:00.0090 1512 HKLM\SYSTEM\ControlSet011\services\KR10I - will be deleted on reboot
17:54:00.0097 1512 C:\Windows\system32\drivers\kr10i.sys - will be deleted on reboot
17:54:00.0097 1512 KR10I ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:00.0179 1512 C:\Windows\system32\drivers\kr10n.sys - copied to quarantine
17:54:00.0283 1512 HKLM\SYSTEM\ControlSet001\services\KR10N - will be deleted on reboot
17:54:00.0284 1512 HKLM\SYSTEM\ControlSet002\services\KR10N - will be deleted on reboot
17:54:00.0284 1512 HKLM\SYSTEM\ControlSet003\services\KR10N - will be deleted on reboot
17:54:00.0285 1512 HKLM\SYSTEM\ControlSet004\services\KR10N - will be deleted on reboot
17:54:00.0285 1512 HKLM\SYSTEM\ControlSet005\services\KR10N - will be deleted on reboot
17:54:00.0286 1512 HKLM\SYSTEM\ControlSet006\services\KR10N - will be deleted on reboot
17:54:00.0286 1512 HKLM\SYSTEM\ControlSet007\services\KR10N - will be deleted on reboot
17:54:00.0287 1512 HKLM\SYSTEM\ControlSet008\services\KR10N - will be deleted on reboot
17:54:00.0287 1512 HKLM\SYSTEM\ControlSet009\services\KR10N - will be deleted on reboot
17:54:00.0288 1512 HKLM\SYSTEM\ControlSet010\services\KR10N - will be deleted on reboot
17:54:00.0289 1512 HKLM\SYSTEM\ControlSet011\services\KR10N - will be deleted on reboot
17:54:00.0296 1512 C:\Windows\system32\drivers\kr10n.sys - will be deleted on reboot
17:54:00.0296 1512 KR10N ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:00.0437 1512 C:\Windows\system32\drivers\kr3npxp.sys - copied to quarantine
17:54:00.0522 1512 HKLM\SYSTEM\ControlSet001\services\KR3NPXP - will be deleted on reboot
17:54:00.0524 1512 HKLM\SYSTEM\ControlSet002\services\KR3NPXP - will be deleted on reboot
17:54:00.0524 1512 HKLM\SYSTEM\ControlSet003\services\KR3NPXP - will be deleted on reboot
17:54:00.0525 1512 HKLM\SYSTEM\ControlSet004\services\KR3NPXP - will be deleted on reboot
17:54:00.0525 1512 HKLM\SYSTEM\ControlSet005\services\KR3NPXP - will be deleted on reboot
17:54:00.0526 1512 HKLM\SYSTEM\ControlSet006\services\KR3NPXP - will be deleted on reboot
17:54:00.0526 1512 HKLM\SYSTEM\ControlSet007\services\KR3NPXP - will be deleted on reboot
17:54:00.0526 1512 HKLM\SYSTEM\ControlSet008\services\KR3NPXP - will be deleted on reboot
17:54:00.0527 1512 HKLM\SYSTEM\ControlSet009\services\KR3NPXP - will be deleted on reboot
17:54:00.0527 1512 HKLM\SYSTEM\ControlSet010\services\KR3NPXP - will be deleted on reboot
17:54:00.0529 1512 HKLM\SYSTEM\ControlSet011\services\KR3NPXP - will be deleted on reboot
17:54:00.0536 1512 C:\Windows\system32\drivers\kr3npxp.sys - will be deleted on reboot
17:54:00.0536 1512 KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:00.0703 1512 C:\Program Files\Common Files\Motive\McciCMService.exe - copied to quarantine
17:54:00.0802 1512 HKLM\SYSTEM\ControlSet001\services\McciCMService - will be deleted on reboot
17:54:00.0805 1512 HKLM\SYSTEM\ControlSet010\services\McciCMService - will be deleted on reboot
17:54:00.0869 1512 HKLM\SYSTEM\ControlSet011\services\McciCMService - will be deleted on reboot
17:54:00.0879 1512 C:\Program Files\Common Files\Motive\McciCMService.exe - will be deleted on reboot
17:54:00.0879 1512 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:00.0940 1512 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS - copied to quarantine
17:54:00.0981 1512 HKLM\SYSTEM\ControlSet001\services\MREMP50 - will be deleted on reboot
17:54:01.0003 1512 HKLM\SYSTEM\ControlSet010\services\MREMP50 - will be deleted on reboot
17:54:01.0006 1512 HKLM\SYSTEM\ControlSet011\services\MREMP50 - will be deleted on reboot
17:54:01.0013 1512 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS - will be deleted on reboot
17:54:01.0013 1512 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:01.0072 1512 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS - copied to quarantine
17:54:01.0087 1512 HKLM\SYSTEM\ControlSet001\services\MRESP50 - will be deleted on reboot
17:54:01.0090 1512 HKLM\SYSTEM\ControlSet010\services\MRESP50 - will be deleted on reboot
17:54:01.0091 1512 HKLM\SYSTEM\ControlSet011\services\MRESP50 - will be deleted on reboot
17:54:01.0099 1512 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS - will be deleted on reboot
17:54:01.0099 1512 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:01.0241 1512 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - copied to quarantine
17:54:01.0327 1512 HKLM\SYSTEM\ControlSet001\services\RegSrvc - will be deleted on reboot
17:54:01.0347 1512 HKLM\SYSTEM\ControlSet002\services\RegSrvc - will be deleted on reboot
17:54:01.0354 1512 HKLM\SYSTEM\ControlSet003\services\RegSrvc - will be deleted on reboot
17:54:01.0367 1512 HKLM\SYSTEM\ControlSet004\services\RegSrvc - will be deleted on reboot
17:54:01.0377 1512 HKLM\SYSTEM\ControlSet005\services\RegSrvc - will be deleted on reboot
17:54:01.0386 1512 HKLM\SYSTEM\ControlSet006\services\RegSrvc - will be deleted on reboot
17:54:01.0395 1512 HKLM\SYSTEM\ControlSet007\services\RegSrvc - will be deleted on reboot
17:54:01.0402 1512 HKLM\SYSTEM\ControlSet008\services\RegSrvc - will be deleted on reboot
17:54:01.0408 1512 HKLM\SYSTEM\ControlSet009\services\RegSrvc - will be deleted on reboot
17:54:01.0425 1512 HKLM\SYSTEM\ControlSet010\services\RegSrvc - will be deleted on reboot
17:54:01.0428 1512 HKLM\SYSTEM\ControlSet011\services\RegSrvc - will be deleted on reboot
17:54:01.0435 1512 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - will be deleted on reboot
17:54:01.0435 1512 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:01.0819 1512 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
17:54:01.0903 1512 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
17:54:01.0929 1512 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
17:54:01.0930 1512 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
17:54:01.0930 1512 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot
17:54:01.0931 1512 HKLM\SYSTEM\ControlSet005\services\sptd - will be deleted on reboot
17:54:01.0931 1512 HKLM\SYSTEM\ControlSet006\services\sptd - will be deleted on reboot
17:54:01.0932 1512 HKLM\SYSTEM\ControlSet007\services\sptd - will be deleted on reboot
17:54:01.0932 1512 HKLM\SYSTEM\ControlSet008\services\sptd - will be deleted on reboot
17:54:01.0933 1512 HKLM\SYSTEM\ControlSet009\services\sptd - will be deleted on reboot
17:54:01.0999 1512 HKLM\SYSTEM\ControlSet010\services\sptd - will be deleted on reboot
17:54:02.0007 1512 HKLM\SYSTEM\ControlSet011\services\sptd - will be deleted on reboot
17:54:02.0015 1512 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
17:54:02.0015 1512 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
17:54:02.0106 1512 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe - copied to quarantine
17:54:02.0165 1512 HKLM\SYSTEM\ControlSet001\services\TNaviSrv - will be deleted on reboot
17:54:02.0166 1512 HKLM\SYSTEM\ControlSet002\services\TNaviSrv - will be deleted on reboot
17:54:02.0183 1512 HKLM\SYSTEM\ControlSet003\services\TNaviSrv - will be deleted on reboot
17:54:02.0267 1512 HKLM\SYSTEM\ControlSet004\services\TNaviSrv - will be deleted on reboot
17:54:02.0277 1512 HKLM\SYSTEM\ControlSet005\services\TNaviSrv - will be deleted on reboot
17:54:02.0285 1512 HKLM\SYSTEM\ControlSet006\services\TNaviSrv - will be deleted on reboot
17:54:02.0295 1512 HKLM\SYSTEM\ControlSet007\services\TNaviSrv - will be deleted on reboot
17:54:02.0302 1512 HKLM\SYSTEM\ControlSet008\services\TNaviSrv - will be deleted on reboot
17:54:02.0308 1512 HKLM\SYSTEM\ControlSet009\services\TNaviSrv - will be deleted on reboot
17:54:02.0315 1512 HKLM\SYSTEM\ControlSet010\services\TNaviSrv - will be deleted on reboot
17:54:02.0319 1512 HKLM\SYSTEM\ControlSet011\services\TNaviSrv - will be deleted on reboot
17:54:02.0326 1512 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe - will be deleted on reboot
17:54:02.0326 1512 TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:02.0403 1512 C:\Windows\system32\TODDSrv.exe - copied to quarantine
17:54:02.0465 1512 HKLM\SYSTEM\ControlSet001\services\TODDSrv - will be deleted on reboot
17:54:02.0466 1512 HKLM\SYSTEM\ControlSet002\services\TODDSrv - will be deleted on reboot
17:54:02.0467 1512 HKLM\SYSTEM\ControlSet003\services\TODDSrv - will be deleted on reboot
17:54:02.0467 1512 HKLM\SYSTEM\ControlSet004\services\TODDSrv - will be deleted on reboot
17:54:02.0468 1512 HKLM\SYSTEM\ControlSet005\services\TODDSrv - will be deleted on reboot
17:54:02.0468 1512 HKLM\SYSTEM\ControlSet006\services\TODDSrv - will be deleted on reboot
17:54:02.0469 1512 HKLM\SYSTEM\ControlSet007\services\TODDSrv - will be deleted on reboot
17:54:02.0469 1512 HKLM\SYSTEM\ControlSet008\services\TODDSrv - will be deleted on reboot
17:54:02.0470 1512 HKLM\SYSTEM\ControlSet009\services\TODDSrv - will be deleted on reboot
17:54:02.0470 1512 HKLM\SYSTEM\ControlSet010\services\TODDSrv - will be deleted on reboot
17:54:02.0472 1512 HKLM\SYSTEM\ControlSet011\services\TODDSrv - will be deleted on reboot
17:54:02.0479 1512 C:\Windows\system32\TODDSrv.exe - will be deleted on reboot
17:54:02.0479 1512 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:02.0612 1512 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - copied to quarantine
17:54:02.0679 1512 HKLM\SYSTEM\ControlSet001\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0707 1512 HKLM\SYSTEM\ControlSet002\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0708 1512 HKLM\SYSTEM\ControlSet003\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0708 1512 HKLM\SYSTEM\ControlSet004\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0709 1512 HKLM\SYSTEM\ControlSet005\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0709 1512 HKLM\SYSTEM\ControlSet006\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0709 1512 HKLM\SYSTEM\ControlSet007\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0710 1512 HKLM\SYSTEM\ControlSet008\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0710 1512 HKLM\SYSTEM\ControlSet009\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0711 1512 HKLM\SYSTEM\ControlSet010\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0712 1512 HKLM\SYSTEM\ControlSet011\services\UleadBurningHelper - will be deleted on reboot
17:54:02.0720 1512 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - will be deleted on reboot
17:54:02.0720 1512 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:02.0806 1512 C:\Program Files\Viewpoint\Common\ViewpointService.exe - copied to quarantine
17:54:02.0846 1512 HKLM\SYSTEM\ControlSet001\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0848 1512 HKLM\SYSTEM\ControlSet002\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0883 1512 HKLM\SYSTEM\ControlSet003\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0897 1512 HKLM\SYSTEM\ControlSet004\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0907 1512 HKLM\SYSTEM\ControlSet005\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0915 1512 HKLM\SYSTEM\ControlSet006\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0925 1512 HKLM\SYSTEM\ControlSet007\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0932 1512 HKLM\SYSTEM\ControlSet008\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0938 1512 HKLM\SYSTEM\ControlSet009\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0946 1512 HKLM\SYSTEM\ControlSet010\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0950 1512 HKLM\SYSTEM\ControlSet011\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0957 1512 C:\Program Files\Viewpoint\Common\ViewpointService.exe - will be deleted on reboot
17:54:02.0958 1512 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:08.0932 4184 Deinitialize success

And Malwarebytes found this:

Files Detected: 3
C:\Users\Brooke\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ff (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\Brooke\AppData\Local\Temp\is1598539481\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Brooke\Desktop\.junk\SoftonicDownloader_for_kaspersky-tdsskiller.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)
However, I am still having CPU issues, but Malwarebytes and other scans have found nothing. Here are the logs from DDS and GMER:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 1.6.0_29
Run by Brooke at 0:54:19 on 2012-05-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.873 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\locator.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Brooke\Desktop\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://centurylink.net
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: AutorunsDisabled - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{1D3A962B-2713-4DFF-BC38-3B4EF66CDBE4} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A350C129-D04E-4AF1-B585-FEEC3633BD74} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brooke\appdata\roaming\mozilla\firefox\profiles\ba3krz0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centurylink.net/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-18 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-3 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-3 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-3 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-3 44768]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-17 1153368]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-6-12 7168]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-25 22344]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\system explorer\service\SystemExplorerService.exe [2012-5-20 535000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 257696]
S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-5 21504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-16 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-16 136176]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-25 654408]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-05-04 23:32:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:32:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 11:30:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 08:12:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 0:56:48.35 ===============

I have also been using System Explorer and Process Explorer to look for what is occasionally taking up all that CPU. Usually it is an svchost.exe or taskeng.exe process; other times it is explorer.exe or other Toshiba-related processes. I feel like I have tried just about every rootkit, virus, or malware remover there is, but they all find nothing, and I am still having very high CPU spikes and very high CPU usage in general, averaging about 50-60%. Help please :)

PS. When I first noticed this was happening, I disabled a lot of my startup processes for fear that they were the cause of the issue, or at least contributing to it.

Edited by 7buttons, 21 May 2012 - 01:19 AM.
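As an added example that is not part of the original post (and not TDSSKiller's own code), here is a small Python triage script for the TDSSKiller log format shown above. It rebuilds one record per detected object from the "copied to quarantine", registry-key and "User select action" lines, and separates verdicts that are only generic heuristics (UnsignedFile.Multi.Generic and LockedFile.Multi.Generic, which by name flag a service binary with no valid digital signature, or one the scanner could not open, rather than a signature match against known malware) from named detections, so a reader can see at a glance which deletions were taken on heuristic grounds alone. The regular expressions assume the exact line wording seen in this post; the function names, the HEURISTIC_VERDICTS set and the summary dictionary shape are this example's own assumptions. The sample log is an excerpt of the one posted above.

```python
"""Triage helper for a Kaspersky TDSSKiller text log.

Added example, not code from the forum post or from TDSSKiller itself.
It parses the line shape seen in the post (time, PID, message), rebuilds
one record per detected object, and separates generic heuristic verdicts
from named ones. Assumption: the log wording matches the post; other
TDSSKiller versions may phrase lines differently.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
QUARANTINE_RE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
REGKEY_RE = re.compile(r"^(HKLM\\SYSTEM\\ControlSet\d{3}\\services\\.+?) - will be deleted on reboot$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (\d+)$")

# Verdicts TDSSKiller assigns from heuristics (unsigned or locked file), not
# from a malware signature match. Set assumed from the names seen in the post.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class Detection:
    path: str
    name: str = ""
    verdict: str = ""
    action: str = ""
    registry_keys: list = field(default_factory=list)

    @property
    def heuristic(self) -> bool:
        return self.verdict in HEURISTIC_VERDICTS


def parse_tdsskiller_log(text: str) -> list:
    """One Detection per 'copied to quarantine' ... 'User select action' group."""
    detections, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if q := QUARANTINE_RE.match(msg):
            current = Detection(path=q.group("path"))   # new object begins
        elif (r := REGKEY_RE.match(msg)) and current is not None:
            current.registry_keys.append(r.group(1))    # one per ControlSet
        elif (a := ACTION_RE.match(msg)) and current is not None:
            current.name, current.verdict, current.action = a.group("name", "verdict", "action")
            detections.append(current)                  # verdict line closes the object
            current = None
    return detections


def declared_count(text: str):
    """Object count TDSSKiller itself reported; differs from len(parsed) if the log is cut."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and (c := COUNT_RE.match(m.group(1))):
            return int(c.group(1))
    return None


def summarize(detections: list) -> dict:
    """Counts, plus the objects deleted on a heuristic verdict only (worth reviewing)."""
    heur = [d for d in detections if d.heuristic]
    return {
        "total": len(detections),
        "heuristic": len(heur),
        "named": len(detections) - len(heur),
        "deleted_on_heuristic": [d.name for d in heur if d.action == "Delete"],
    }


# Excerpt of the TDSSKiller log posted above (three of the sixteen objects).
SAMPLE_LOG = r"""
17:52:35.0578 1512 Actual detected object count: 16
17:53:57.0783 1512 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - copied to quarantine
17:53:57.0859 1512 HKLM\SYSTEM\ControlSet001\services\CFSvcs - will be deleted on reboot
17:53:57.0892 1512 HKLM\SYSTEM\ControlSet002\services\CFSvcs - will be deleted on reboot
17:53:58.0267 1512 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - will be deleted on reboot
17:53:58.0267 1512 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:01.0819 1512 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
17:54:01.0903 1512 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
17:54:02.0015 1512 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
17:54:02.0015 1512 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
17:54:02.0806 1512 C:\Program Files\Viewpoint\Common\ViewpointService.exe - copied to quarantine
17:54:02.0846 1512 HKLM\SYSTEM\ControlSet001\services\Viewpoint Manager Service - will be deleted on reboot
17:54:02.0957 1512 C:\Program Files\Viewpoint\Common\ViewpointService.exe - will be deleted on reboot
17:54:02.0958 1512 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
17:54:08.0932 4184 Deinitialize success
"""

if __name__ == "__main__":
    dets = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"log declares {declared_count(SAMPLE_LOG)} objects, excerpt holds {len(dets)}")
    for d in dets:
        print(f"{d.name:28} {d.verdict:28} action={d.action} heuristic={d.heuristic}")
    print(summarize(dets))
```

Run against the full log pasted in the post, every one of the sixteen objects comes back with `heuristic=True` and `action=Delete`, and `named` is zero: the scan removed OEM services (Toshiba, Intel wireless, Canon, InstallShield, Motive) and the sptd.sys driver on the strength of a missing signature or a locked file, not a malware match. The `declared_count` check exists because TDSSKiller logs are often pasted partially, and a parsed count below the declared one tells the reader the excerpt is incomplete rather than the parser wrong.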



#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,362 posts, Puerto Rico)

Posted 21 May 2012 - 01:59 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 7buttons

7buttons
  • Topic Starter
  • Members
  • 9 posts

Posted 21 May 2012 - 09:48 PM

Thanks for your help, yay! Computer is acting the same. No other problems. But CPU is still very high (90%-100%) at times and averaging around 40%-60%, with dwm.exe, a few svchost.exe, either chrome.exe or firefox.exe (whichever I am using), avastsvc.exe (even though avast has been disabled) and explorer.exe taking up most of that usage. Here are the logs:
Results of screen317's Security Check version 0.99.33
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 29
Java™ SE Runtime Environment 6
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
ComboFix 12-05-21.05 - Brooke 05/21/2012 20:14:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.832 [GMT -4:00]
Running from: c:\users\Brooke\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Brooke\Documents\~WRL0668.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 00:27 . 2012-05-22 00:28 -------- d-----w- c:\users\Brooke\AppData\Local\temp
2012-05-22 00:27 . 2012-05-22 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 04:39 . 2012-05-21 04:39 388096 ----a-r- c:\users\Brooke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 05:20 . 2012-05-20 05:20 -------- d-----w- c:\users\Brooke\AppData\Local\CRE
2012-05-20 05:19 . 2012-05-20 05:19 -------- d-----w- c:\program files\Conduit
2012-05-20 05:19 . 2012-05-20 05:19 -------- d-----w- c:\users\Brooke\AppData\Local\Conduit
2012-05-20 05:19 . 2012-05-20 05:19 -------- d-----w- c:\program files\uTorrentControl2
2012-05-20 04:02 . 2012-05-20 04:05 -------- d-----w- c:\programdata\SystemExplorer
2012-05-20 04:02 . 2012-05-20 04:02 -------- d-----w- c:\program files\System Explorer
2012-05-18 06:04 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F0FEC0B-DBA8-4982-ABC0-6563EF44B635}\mpengine.dll
2012-05-18 02:19 . 2012-05-18 02:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-18 02:19 . 2012-05-18 02:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-13 22:43 . 2012-05-13 22:43 -------- d-----w- c:\users\Brooke\AppData\Local\Apps
2012-05-13 21:50 . 2012-05-13 21:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 21:41 . 2012-05-13 23:42 -------- d-----w- c:\users\Brooke\AppData\Roaming\Systweak
2012-05-13 21:41 . 2011-08-04 18:59 17280 ----a-w- c:\windows\system32\roboot.exe
2012-05-12 20:44 . 2012-05-14 14:18 -------- d-----w- c:\windows\help
2012-05-12 00:55 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 00:55 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 00:55 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 21:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:19 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:19 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 21:19 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-11 21:19 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 21:19 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 21:19 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:19 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-11 21:19 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 21:18 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 21:18 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 21:18 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 21:18 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-25 23:24 . 2012-04-25 23:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 23:24 . 2012-04-25 23:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 03:18 . 2012-05-04 23:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-22 05:06 . 2012-04-22 05:06 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:32 . 2011-05-17 03:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-07-25 22:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2010-10-03 13:33 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-10-03 04:48 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-05-18 20:44 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-10-03 04:48 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-10-03 04:49 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-10-03 04:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-10-03 04:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-10-03 04:48 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 15:11 . 2012-04-11 07:24 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 07:24 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 07:24 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 07:24 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 11:30 . 2012-04-10 21:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 11:25 . 2012-04-10 21:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 11:25 . 2012-04-10 21:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 11:25 . 2012-04-10 21:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-02-28 11:25 . 2012-04-10 21:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-28 10:07 . 2012-04-10 21:56 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 08:12 . 2012-04-10 21:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-28 08:08 . 2012-04-10 21:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 14:18 . 2009-10-03 08:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-25 23:24 . 2011-03-24 17:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Brooke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Brooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 14:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-05-25 20:55 154392 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-05-25 20:55 142104 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBUCATS]
2007-02-22 10:12 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbutime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-05-25 20:55 138008 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 17:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-13 22:36 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FXRIRKOC
*Deregistered* - fxrirkoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 23:32]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:21]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:21]
.
2012-05-20 c:\windows\Tasks\Norton Security Scan for Brooke.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-28 06:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centurylink.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brooke\AppData\Roaming\Mozilla\Firefox\Profiles\ba3krz0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centurylink.net/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-37999831.sys
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-EmbarqVALite_McciTrayApp - c:\program files\EmbarqVALite\EMBARQHelpHelper.exe
MSConfigStartUp-Google Update - c:\users\Brooke\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
AddRemove-Lexmark 6200 Series - c:\program files\Lexmark 6200 Series\Install\x86\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-21 20:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-21 20:32:47
ComboFix-quarantined-files.txt 2012-05-22 00:32
.
Pre-Run: 55,450,640,384 bytes free
Post-Run: 55,437,307,904 bytes free
.
- - End Of File - - DF0BA657293A8484654DC7E88D9A7637

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,362 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 May 2012 - 10:02 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
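One way to triage the TDSSKiller report the steps above ask for, as an added example that is neither TDSSKiller's own code nor anything posted in this thread: a small Python parser that pairs each scanned object with its verdict and lists everything the tool did not mark "ok". The line format is inferred from the reports pasted in this thread; SAMPLE_LOG, its hashes, and the ExampleSvc service and paths are constructed placeholders.

```python
"""Triage a TDSSKiller report: pair each scanned object with its verdict and
surface every line the tool did not mark "ok". Added example, not part of
TDSSKiller or this thread; line format inferred from the reports pasted here."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line is "<HH:MM:SS.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
# Object line written when an item is scanned: "<name> (<md5>) <path>".
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name, file path or registry key> - <verdict>", e.g. "ACPI - ok".
VERDICT_RE = re.compile(r"^(?P<key>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    verdict: str = ""
    md5: Optional[str] = None
    path: Optional[str] = None


@dataclass
class Report:
    entries: List[Entry]
    detected_count: Optional[int] = None


def parse_report(text: str) -> Report:
    """Only lines after "Scan started" carry verdicts; the header (drive
    geometry and so on) also contains " - " and must be skipped."""
    report = Report(entries=[])
    pending: Dict[str, Entry] = {}  # scanned objects awaiting a verdict, by name and path
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        c = COUNT_RE.match(msg)
        if c:
            report.detected_count = int(c.group("n"))
            continue
        o = OBJECT_RE.match(msg)
        if o:
            entry = Entry(o.group("name"), md5=o.group("md5"), path=o.group("path"))
            pending[entry.name] = entry
            pending[entry.path] = entry  # quarantine lines name the file, not the service
            continue
        v = VERDICT_RE.match(msg)
        if v:
            key, verdict = v.group("key"), v.group("verdict")
            entry = pending.pop(key, None)
            if entry is None:
                entry = Entry(key)  # e.g. "blbdrive - ok", or a registry key being deleted
            else:
                pending.pop(entry.path if key == entry.name else entry.name, None)
            entry.verdict = verdict
            report.entries.append(entry)
    # Objects that were scanned but never received a verdict deserve a look as well.
    for entry in {id(e): e for e in pending.values()}.values():
        entry.verdict = "(no verdict logged)"
        report.entries.append(entry)
    return report


def needs_attention(report: Report) -> List[Entry]:
    """Everything not marked "ok": quarantines, pending deletions, missing verdicts."""
    return [e for e in report.entries if e.verdict.lower() != "ok"]


def verdict_counts(report: Report) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in report.entries:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


# Constructed sample in the thread's log format; hashes, ExampleSvc and its paths are placeholders.
SAMPLE_LOG = """\
10:00:00.0000 1000 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:00:00.0100 1000 Drive \\Device\\Harddisk0\\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200
10:00:01.0000 2000 Scan started
10:00:01.0100 2000 ACPI (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\acpi.sys
10:00:01.0110 2000 ACPI - ok
10:00:01.0200 2000 blbdrive - ok
10:00:01.0300 2000 ExampleSvc (fedcba9876543210fedcba9876543210) C:\\Program Files\\Example\\ExampleSvc.exe
10:00:02.0000 2000 Detected object count: 1
10:00:05.0000 2000 C:\\Program Files\\Example\\ExampleSvc.exe - copied to quarantine
10:00:05.0100 2000 HKLM\\SYSTEM\\ControlSet001\\services\\ExampleSvc - will be deleted on reboot
"""
```

Running `needs_attention(parse_report(SAMPLE_LOG))` returns the quarantined file (with the md5 from its scan line) and the registry key scheduled for deletion, while the two "ok" entries are left out.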

#5 7buttons

7buttons
  • Topic Starter
  • Members
  • 9 posts

Posted 23 May 2012 - 01:13 AM

CPU seems to be getting lower now, running at an average of about 20-30%. I haven't had too much time in the past few days to watch for the random spikes of 100%, but I have seen it up to about a 60% spike. Also, I know I didn't mention this earlier, but over the past few weeks I have been getting the blue screen every once in a while, but it always restarts just fine. Anyway, here are the logs. Thanks so much for your help!

00:34:27.0833 3132 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:34:28.0343 3132 ============================================================
00:34:28.0343 3132 Current date / time: 2012/05/23 00:34:28.0343
00:34:28.0343 3132 SystemInfo:
00:34:28.0343 3132
00:34:28.0343 3132 OS Version: 6.0.6002 ServicePack: 2.0
00:34:28.0343 3132 Product type: Workstation
00:34:28.0343 3132 ComputerName: BROOKESLAPTOP
00:34:28.0344 3132 UserName: Brooke
00:34:28.0344 3132 Windows directory: C:\Windows
00:34:28.0344 3132 System windows directory: C:\Windows
00:34:28.0344 3132 Processor architecture: Intel x86
00:34:28.0344 3132 Number of processors: 2
00:34:28.0344 3132 Page size: 0x1000
00:34:28.0344 3132 Boot type: Normal boot
00:34:28.0344 3132 ============================================================
00:34:31.0870 3132 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:34:32.0029 3132 ============================================================
00:34:32.0029 3132 \Device\Harddisk0\DR0:
00:34:32.0063 3132 MBR partitions:
00:34:32.0063 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x171AF000
00:34:32.0064 3132 ============================================================
00:34:32.0095 3132 C: <-> \Device\Harddisk0\DR0\Partition0
00:34:32.0096 3132 ============================================================
00:34:32.0096 3132 Initialize success
00:34:32.0096 3132 ============================================================
00:34:36.0945 3816 ============================================================
00:34:36.0945 3816 Scan started
00:34:36.0945 3816 Mode: Manual;
00:34:36.0945 3816 ============================================================
00:34:37.0911 3816 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:34:37.0920 3816 ACPI - ok
00:34:38.0041 3816 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:34:38.0049 3816 AdobeFlashPlayerUpdateSvc - ok
00:34:38.0166 3816 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
00:34:38.0180 3816 adp94xx - ok
00:34:38.0258 3816 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
00:34:38.0269 3816 adpahci - ok
00:34:38.0304 3816 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
00:34:38.0309 3816 adpu160m - ok
00:34:38.0348 3816 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
00:34:38.0355 3816 adpu320 - ok
00:34:38.0409 3816 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:34:38.0411 3816 AeLookupSvc - ok
00:34:38.0520 3816 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:34:38.0530 3816 AFD - ok
00:34:38.0567 3816 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
00:34:38.0570 3816 AgereModemAudio - ok
00:34:38.0803 3816 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
00:34:38.0841 3816 AgereSoftModem - ok
00:34:38.0914 3816 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
00:34:38.0917 3816 agp440 - ok
00:34:38.0987 3816 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:34:38.0992 3816 aic78xx - ok
00:34:39.0055 3816 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:34:39.0059 3816 ALG - ok
00:34:39.0077 3816 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
00:34:39.0080 3816 aliide - ok
00:34:39.0115 3816 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
00:34:39.0119 3816 amdagp - ok
00:34:39.0141 3816 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
00:34:39.0144 3816 amdide - ok
00:34:39.0172 3816 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
00:34:39.0175 3816 AmdK7 - ok
00:34:39.0209 3816 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
00:34:39.0212 3816 AmdK8 - ok
00:34:39.0271 3816 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:34:39.0273 3816 Appinfo - ok
00:34:39.0431 3816 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:34:39.0435 3816 Apple Mobile Device - ok
00:34:39.0509 3816 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
00:34:39.0514 3816 arc - ok
00:34:39.0546 3816 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
00:34:39.0550 3816 arcsas - ok
00:34:39.0636 3816 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
00:34:39.0639 3816 aswFsBlk - ok
00:34:39.0729 3816 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
00:34:39.0732 3816 aswMonFlt - ok
00:34:39.0809 3816 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
00:34:39.0813 3816 aswRdr - ok
00:34:39.0989 3816 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
00:34:40.0010 3816 aswSnx - ok
00:34:40.0135 3816 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
00:34:40.0148 3816 aswSP - ok
00:34:40.0208 3816 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
00:34:40.0212 3816 aswTdi - ok
00:34:40.0272 3816 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:34:40.0274 3816 AsyncMac - ok
00:34:40.0310 3816 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:34:40.0311 3816 atapi - ok
00:34:40.0420 3816 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:34:40.0431 3816 AudioEndpointBuilder - ok
00:34:40.0439 3816 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:34:40.0444 3816 Audiosrv - ok
00:34:40.0598 3816 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:34:40.0599 3816 avast! Antivirus - ok
00:34:40.0636 3816 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:34:40.0638 3816 Beep - ok
00:34:40.0752 3816 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
00:34:40.0765 3816 BFE - ok
00:34:40.0958 3816 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
00:34:41.0001 3816 BITS - ok
00:34:41.0009 3816 blbdrive - ok
00:34:41.0195 3816 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
00:34:41.0208 3816 Bonjour Service - ok
00:34:41.0249 3816 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:34:41.0253 3816 bowser - ok
00:34:41.0306 3816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:34:41.0309 3816 BrFiltLo - ok
00:34:41.0330 3816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:34:41.0332 3816 BrFiltUp - ok
00:34:41.0385 3816 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:34:41.0390 3816 Browser - ok
00:34:41.0471 3816 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:34:41.0476 3816 Brserid - ok
00:34:41.0511 3816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:34:41.0515 3816 BrSerWdm - ok
00:34:41.0540 3816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:34:41.0543 3816 BrUsbMdm - ok
00:34:41.0558 3816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:34:41.0561 3816 BrUsbSer - ok
00:34:41.0617 3816 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:34:41.0620 3816 BTHMODEM - ok
00:34:41.0686 3816 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
00:34:41.0689 3816 BthServ - ok
00:34:41.0808 3816 catchme - ok
00:34:41.0872 3816 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:34:41.0877 3816 cdfs - ok
00:34:41.0929 3816 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:34:41.0933 3816 cdrom - ok
00:34:41.0992 3816 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:34:41.0999 3816 CertPropSvc - ok
00:34:42.0043 3816 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
00:34:42.0047 3816 circlass - ok
00:34:42.0129 3816 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:34:42.0137 3816 CLFS - ok
00:34:42.0270 3816 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:34:42.0275 3816 clr_optimization_v2.0.50727_32 - ok
00:34:42.0457 3816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:34:42.0463 3816 clr_optimization_v4.0.30319_32 - ok
00:34:42.0511 3816 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:34:42.0514 3816 CmBatt - ok
00:34:42.0540 3816 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
00:34:42.0543 3816 cmdide - ok
00:34:42.0572 3816 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:34:42.0576 3816 Compbatt - ok
00:34:42.0582 3816 COMSysApp - ok
00:34:42.0674 3816 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
00:34:42.0677 3816 crcdisk - ok
00:34:42.0712 3816 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
00:34:42.0716 3816 Crusoe - ok
00:34:42.0794 3816 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
00:34:42.0800 3816 CryptSvc - ok
00:34:42.0950 3816 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:34:42.0976 3816 DcomLaunch - ok
00:34:43.0030 3816 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:34:43.0035 3816 DfsC - ok
00:34:43.0456 3816 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
00:34:43.0523 3816 DFSR - ok
00:34:43.0862 3816 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
00:34:43.0866 3816 Dhcp - ok
00:34:43.0944 3816 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:34:43.0948 3816 disk - ok
00:34:44.0016 3816 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
00:34:44.0023 3816 Dnscache - ok
00:34:44.0094 3816 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
00:34:44.0103 3816 dot3svc - ok
00:34:44.0175 3816 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
00:34:44.0182 3816 DPS - ok
00:34:44.0226 3816 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:34:44.0229 3816 drmkaud - ok
00:34:44.0387 3816 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:34:44.0409 3816 DXGKrnl - ok
00:34:44.0489 3816 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:34:44.0494 3816 E1G60 - ok
00:34:44.0538 3816 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
00:34:44.0543 3816 EapHost - ok
00:34:44.0634 3816 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:34:44.0640 3816 Ecache - ok
00:34:44.0757 3816 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
00:34:44.0768 3816 ehRecvr - ok
00:34:44.0826 3816 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
00:34:44.0831 3816 ehSched - ok
00:34:44.0852 3816 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
00:34:44.0855 3816 ehstart - ok
00:34:44.0977 3816 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:34:44.0989 3816 elxstor - ok
00:34:45.0137 3816 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:34:45.0156 3816 EMDMgmt - ok
00:34:45.0232 3816 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:34:45.0244 3816 EventSystem - ok
00:34:45.0321 3816 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:34:45.0328 3816 exfat - ok
00:34:45.0392 3816 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:34:45.0398 3816 fastfat - ok
00:34:45.0435 3816 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:34:45.0439 3816 fdc - ok
00:34:45.0482 3816 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:34:45.0486 3816 fdPHost - ok
00:34:45.0514 3816 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:34:45.0519 3816 FDResPub - ok
00:34:45.0564 3816 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:34:45.0567 3816 FileInfo - ok
00:34:45.0616 3816 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:34:45.0619 3816 Filetrace - ok
00:34:45.0644 3816 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:34:45.0647 3816 flpydisk - ok
00:34:45.0718 3816 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:34:45.0725 3816 FltMgr - ok
00:34:45.0942 3816 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
00:34:45.0971 3816 FontCache - ok
00:34:46.0084 3816 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:34:46.0088 3816 FontCache3.0.0.0 - ok
00:34:46.0130 3816 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:34:46.0133 3816 Fs_Rec - ok
00:34:46.0161 3816 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
00:34:46.0164 3816 FwLnk - ok
00:34:46.0190 3816 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:34:46.0194 3816 gagp30kx - ok
00:34:46.0240 3816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:34:46.0244 3816 GEARAspiWDM - ok
00:34:46.0380 3816 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:34:46.0402 3816 gpsvc - ok
00:34:46.0540 3816 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:34:46.0546 3816 gupdate - ok
00:34:46.0586 3816 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
00:34:46.0589 3816 gupdatem - ok
00:34:46.0646 3816 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:34:46.0653 3816 gusvc - ok
00:34:46.0744 3816 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:34:46.0753 3816 HdAudAddService - ok
00:34:46.0889 3816 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:34:46.0909 3816 HDAudBus - ok
00:34:46.0943 3816 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:34:46.0947 3816 HidBth - ok
00:34:46.0969 3816 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:34:46.0972 3816 HidIr - ok
00:34:47.0018 3816 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
00:34:47.0023 3816 hidserv - ok
00:34:47.0069 3816 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:34:47.0072 3816 HidUsb - ok
00:34:47.0114 3816 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:34:47.0123 3816 hkmsvc - ok
00:34:47.0170 3816 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:34:47.0174 3816 HpCISSs - ok
00:34:47.0288 3816 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:34:47.0303 3816 HTTP - ok
00:34:47.0327 3816 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:34:47.0330 3816 i2omp - ok
00:34:47.0397 3816 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:34:47.0401 3816 i8042prt - ok
00:34:47.0537 3816 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:34:47.0546 3816 iaStorV - ok
00:34:47.0789 3816 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:34:47.0818 3816 idsvc - ok
00:34:48.0182 3816 igfx (f93a6b133a2fa961cd49ddbcc16449bb) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:34:48.0240 3816 igfx - ok
00:34:48.0539 3816 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:34:48.0542 3816 iirsp - ok
00:34:48.0666 3816 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
00:34:48.0684 3816 IKEEXT - ok
00:34:49.0079 3816 IntcAzAudAddService (b84732d9f8459abf6323d28a3270dc19) C:\Windows\system32\drivers\RTKVHDA.sys
00:34:49.0137 3816 IntcAzAudAddService - ok
00:34:49.0453 3816 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:34:49.0456 3816 intelide - ok
00:34:49.0502 3816 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:34:49.0505 3816 intelppm - ok
00:34:49.0628 3816 IntuitUpdateService (7bdb4e00e1cb174b56e5b2c31dde68a7) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
00:34:49.0631 3816 IntuitUpdateService - ok
00:34:49.0673 3816 IO_Memory - ok
00:34:49.0724 3816 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:34:49.0732 3816 IPBusEnum - ok
00:34:49.0784 3816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:34:49.0787 3816 IpFilterDriver - ok
00:34:49.0860 3816 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
00:34:49.0871 3816 iphlpsvc - ok
00:34:49.0897 3816 IpInIp - ok
00:34:49.0945 3816 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:34:49.0949 3816 IPMIDRV - ok
00:34:50.0000 3816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:34:50.0005 3816 IPNAT - ok
00:34:50.0192 3816 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
00:34:50.0218 3816 iPod Service - ok
00:34:50.0253 3816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:34:50.0256 3816 IRENUM - ok
00:34:50.0288 3816 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
00:34:50.0292 3816 isapnp - ok
00:34:50.0384 3816 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:34:50.0391 3816 iScsiPrt - ok
00:34:50.0435 3816 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:34:50.0438 3816 iteatapi - ok
00:34:50.0471 3816 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:34:50.0474 3816 iteraid - ok
00:34:50.0526 3816 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:34:50.0529 3816 kbdclass - ok
00:34:50.0556 3816 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
00:34:50.0559 3816 kbdhid - ok
00:34:50.0593 3816 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:34:50.0599 3816 KeyIso - ok
00:34:50.0718 3816 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:34:50.0734 3816 KSecDD - ok
00:34:50.0849 3816 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:34:50.0867 3816 KtmRm - ok
00:34:50.0998 3816 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
00:34:51.0011 3816 LanmanServer - ok
00:34:51.0099 3816 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
00:34:51.0116 3816 LanmanWorkstation - ok
00:34:51.0702 3816 LiveUpdate (3c7fcbbc35e0a52ce9b12e9cc4f5b991) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
00:34:51.0784 3816 LiveUpdate - ok
00:34:52.0074 3816 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:34:52.0078 3816 lltdio - ok
00:34:52.0155 3816 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:34:52.0167 3816 lltdsvc - ok
00:34:52.0200 3816 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:34:52.0206 3816 lmhosts - ok
00:34:52.0267 3816 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:34:52.0272 3816 LSI_FC - ok
00:34:52.0317 3816 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:34:52.0321 3816 LSI_SAS - ok
00:34:52.0362 3816 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:34:52.0367 3816 LSI_SCSI - ok
00:34:52.0423 3816 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:34:52.0428 3816 luafv - ok
00:34:52.0464 3816 lxbu_device - ok
00:34:52.0510 3816 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
00:34:52.0513 3816 MBAMProtector - ok
00:34:52.0761 3816 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:34:52.0783 3816 MBAMService - ok
00:34:52.0834 3816 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
00:34:52.0842 3816 Mcx2Svc - ok
00:34:52.0877 3816 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:34:52.0881 3816 megasas - ok
00:34:53.0043 3816 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
00:34:53.0047 3816 Microsoft Office Groove Audit Service - ok
00:34:53.0082 3816 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:34:53.0090 3816 MMCSS - ok
00:34:53.0138 3816 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:34:53.0142 3816 Modem - ok
00:34:53.0209 3816 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:34:53.0212 3816 monitor - ok
00:34:53.0257 3816 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:34:53.0260 3816 mouclass - ok
00:34:53.0290 3816 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:34:53.0294 3816 mouhid - ok
00:34:53.0340 3816 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:34:53.0343 3816 MountMgr - ok
00:34:53.0421 3816 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:34:53.0426 3816 mpio - ok
00:34:53.0482 3816 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:34:53.0486 3816 mpsdrv - ok
00:34:53.0603 3816 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
00:34:53.0622 3816 MpsSvc - ok
00:34:53.0652 3816 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:34:53.0656 3816 Mraid35x - ok
00:34:53.0688 3816 MREMPR5 - ok
00:34:53.0698 3816 MRENDIS5 - ok
00:34:53.0750 3816 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:34:53.0755 3816 MRxDAV - ok
00:34:53.0814 3816 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:34:53.0819 3816 mrxsmb - ok
00:34:53.0900 3816 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:34:53.0909 3816 mrxsmb10 - ok
00:34:53.0943 3816 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:34:53.0947 3816 mrxsmb20 - ok
00:34:54.0006 3816 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
00:34:54.0009 3816 msahci - ok
00:34:54.0064 3816 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:34:54.0069 3816 msdsm - ok
00:34:54.0123 3816 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:34:54.0133 3816 MSDTC - ok
00:34:54.0218 3816 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:34:54.0221 3816 Msfs - ok
00:34:54.0284 3816 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:34:54.0288 3816 msisadrv - ok
00:34:54.0360 3816 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:34:54.0369 3816 MSiSCSI - ok
00:34:54.0376 3816 msiserver - ok
00:34:54.0526 3816 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:34:54.0529 3816 MSKSSRV - ok
00:34:54.0580 3816 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:34:54.0583 3816 MSPCLOCK - ok
00:34:54.0608 3816 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:34:54.0611 3816 MSPQM - ok
00:34:54.0676 3816 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:34:54.0684 3816 MsRPC - ok
00:34:54.0732 3816 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:34:54.0736 3816 mssmbios - ok
00:34:54.0763 3816 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:34:54.0766 3816 MSTEE - ok
00:34:54.0798 3816 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:34:54.0802 3816 Mup - ok
00:34:54.0891 3816 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
00:34:54.0908 3816 napagent - ok
00:34:54.0981 3816 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:34:54.0988 3816 NativeWifiP - ok
00:34:55.0118 3816 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:34:55.0136 3816 NDIS - ok
00:34:55.0177 3816 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:34:55.0180 3816 NdisTapi - ok
00:34:55.0230 3816 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:34:55.0233 3816 Ndisuio - ok
00:34:55.0276 3816 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:34:55.0282 3816 NdisWan - ok
00:34:55.0328 3816 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:34:55.0332 3816 NDProxy - ok
00:34:55.0361 3816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:34:55.0364 3816 NetBIOS - ok
00:34:55.0448 3816 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:34:55.0456 3816 netbt - ok
00:34:55.0497 3816 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:34:55.0503 3816 Netlogon - ok
00:34:55.0595 3816 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
00:34:55.0611 3816 Netman - ok
00:34:55.0682 3816 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
00:34:55.0693 3816 netprofm - ok
00:34:55.0797 3816 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:34:55.0803 3816 NetTcpPortSharing - ok
00:34:56.0225 3816 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
00:34:56.0283 3816 NETw3v32 - ok
00:34:57.0157 3816 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
00:34:57.0323 3816 NETw4v32 - ok
00:34:57.0607 3816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:34:57.0611 3816 nfrd960 - ok
00:34:57.0673 3816 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
00:34:57.0686 3816 NlaSvc - ok
00:34:57.0751 3816 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:34:57.0754 3816 Npfs - ok
00:34:57.0793 3816 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
00:34:57.0802 3816 nsi - ok
00:34:57.0830 3816 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:34:57.0834 3816 nsiproxy - ok
00:34:58.0072 3816 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:34:58.0108 3816 Ntfs - ok
00:34:58.0144 3816 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:34:58.0148 3816 ntrigdigi - ok
00:34:58.0204 3816 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:34:58.0207 3816 Null - ok
00:34:58.0245 3816 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:34:58.0250 3816 nvraid - ok
00:34:58.0276 3816 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:34:58.0280 3816 nvstor - ok
00:34:58.0319 3816 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
00:34:58.0325 3816 nv_agp - ok
00:34:58.0334 3816 NwlnkFlt - ok
00:34:58.0344 3816 NwlnkFwd - ok
00:34:58.0682 3816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:34:58.0700 3816 odserv - ok
00:34:58.0762 3816 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:34:58.0765 3816 ohci1394 - ok
00:34:58.0847 3816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:34:58.0853 3816 ose - ok
00:34:59.0022 3816 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:34:59.0050 3816 p2pimsvc - ok
00:34:59.0064 3816 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:34:59.0080 3816 p2psvc - ok
00:34:59.0125 3816 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:34:59.0130 3816 Parport - ok
00:34:59.0183 3816 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
00:34:59.0187 3816 partmgr - ok
00:34:59.0208 3816 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:34:59.0212 3816 Parvdm - ok
00:34:59.0258 3816 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
00:34:59.0267 3816 PcaSvc - ok
00:34:59.0329 3816 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:34:59.0336 3816 pci - ok
00:34:59.0359 3816 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
00:34:59.0363 3816 pciide - ok
00:34:59.0429 3816 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
00:34:59.0437 3816 pcmcia - ok
00:34:59.0667 3816 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:34:59.0730 3816 PEAUTH - ok
00:34:59.0850 3816 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\TOSHIBA\IVP\ISM\pinger.exe
00:34:59.0856 3816 pinger - ok
00:35:00.0172 3816 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
00:35:00.0231 3816 pla - ok
00:35:00.0597 3816 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
00:35:00.0614 3816 PlugPlay - ok
00:35:00.0810 3816 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:35:00.0825 3816 PNRPAutoReg - ok
00:35:00.0839 3816 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:35:00.0854 3816 PNRPsvc - ok
00:35:01.0084 3816 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
00:35:01.0100 3816 PolicyAgent - ok
00:35:01.0214 3816 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:35:01.0218 3816 PptpMiniport - ok
00:35:01.0263 3816 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:35:01.0267 3816 Processor - ok
00:35:01.0320 3816 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:35:01.0334 3816 ProfSvc - ok
00:35:01.0363 3816 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:35:01.0369 3816 ProtectedStorage - ok
00:35:01.0417 3816 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:35:01.0421 3816 PSched - ok
00:35:01.0451 3816 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
00:35:01.0456 3816 PxHelp20 - ok
00:35:01.0733 3816 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:35:01.0763 3816 ql2300 - ok
00:35:01.0828 3816 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:35:01.0834 3816 ql40xx - ok
00:35:01.0928 3816 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:35:01.0944 3816 QWAVE - ok
00:35:01.0995 3816 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:35:01.0998 3816 QWAVEdrv - ok
00:35:02.0091 3816 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
00:35:02.0098 3816 RapiMgr - ok
00:35:02.0120 3816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:35:02.0124 3816 RasAcd - ok
00:35:02.0169 3816 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:35:02.0181 3816 RasAuto - ok
00:35:02.0232 3816 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:35:02.0237 3816 Rasl2tp - ok
00:35:02.0332 3816 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:35:02.0349 3816 RasMan - ok
00:35:02.0396 3816 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:35:02.0401 3816 RasPppoe - ok
00:35:02.0475 3816 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:35:02.0480 3816 RasSstp - ok
00:35:02.0557 3816 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:35:02.0566 3816 rdbss - ok
00:35:02.0605 3816 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:35:02.0607 3816 RDPCDD - ok
00:35:02.0691 3816 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
00:35:02.0701 3816 rdpdr - ok
00:35:02.0714 3816 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:35:02.0718 3816 RDPENCDD - ok
00:35:02.0795 3816 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
00:35:02.0802 3816 RDPWD - ok
00:35:02.0876 3816 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:35:02.0885 3816 RemoteAccess - ok
00:35:02.0946 3816 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
00:35:02.0958 3816 RemoteRegistry - ok
00:35:02.0992 3816 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
00:35:02.0997 3816 RpcLocator - ok
00:35:03.0136 3816 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:35:03.0151 3816 RpcSs - ok
00:35:03.0210 3816 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:35:03.0214 3816 rspndr - ok
00:35:03.0239 3816 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:35:03.0245 3816 SamSs - ok
00:35:03.0300 3816 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:35:03.0305 3816 sbp2port - ok
00:35:03.0710 3816 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
00:35:03.0747 3816 SBSDWSCService - ok
00:35:04.0024 3816 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
00:35:04.0036 3816 SCardSvr - ok
00:35:04.0193 3816 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
00:35:04.0222 3816 Schedule - ok
00:35:04.0262 3816 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:35:04.0264 3816 SCPolicySvc - ok
00:35:04.0381 3816 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
00:35:04.0386 3816 sdbus - ok
00:35:04.0451 3816 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
00:35:04.0464 3816 SDRSVC - ok
00:35:04.0496 3816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:35:04.0500 3816 secdrv - ok
00:35:04.0532 3816 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
00:35:04.0543 3816 seclogon - ok
00:35:04.0585 3816 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
00:35:04.0596 3816 SENS - ok
00:35:04.0617 3816 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:35:04.0620 3816 Serenum - ok
00:35:04.0658 3816 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:35:04.0663 3816 Serial - ok
00:35:04.0703 3816 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:35:04.0707 3816 sermouse - ok
00:35:04.0778 3816 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
00:35:04.0790 3816 SessionEnv - ok
00:35:04.0830 3816 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
00:35:04.0834 3816 sffdisk - ok
00:35:04.0873 3816 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
00:35:04.0877 3816 sffp_mmc - ok
00:35:04.0904 3816 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:35:04.0908 3816 sffp_sd - ok
00:35:04.0937 3816 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:35:04.0941 3816 sfloppy - ok
00:35:05.0022 3816 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
00:35:05.0035 3816 SharedAccess - ok
00:35:05.0124 3816 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
00:35:05.0140 3816 ShellHWDetection - ok
00:35:05.0167 3816 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
00:35:05.0171 3816 sisagp - ok
00:35:05.0208 3816 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
00:35:05.0212 3816 SiSRaid2 - ok
00:35:05.0247 3816 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
00:35:05.0252 3816 SiSRaid4 - ok
00:35:06.0070 3816 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
00:35:06.0207 3816 slsvc - ok
00:35:06.0493 3816 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
00:35:06.0504 3816 SLUINotify - ok
00:35:06.0603 3816 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:35:06.0608 3816 Smb - ok
00:35:06.0655 3816 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
00:35:06.0665 3816 SNMPTRAP - ok
00:35:06.0709 3816 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:35:06.0713 3816 spldr - ok
00:35:06.0765 3816 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
00:35:06.0778 3816 Spooler - ok
00:35:06.0868 3816 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:35:06.0892 3816 srv - ok
00:35:06.0958 3816 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:35:06.0965 3816 srv2 - ok
00:35:07.0005 3816 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:35:07.0011 3816 srvnet - ok
00:35:07.0085 3816 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
00:35:07.0100 3816 SSDPSRV - ok
00:35:07.0201 3816 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
00:35:07.0214 3816 SstpSvc - ok
00:35:07.0359 3816 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
00:35:07.0384 3816 stisvc - ok
00:35:07.0438 3816 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:35:07.0442 3816 swenum - ok
00:35:07.0552 3816 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
00:35:07.0571 3816 swprv - ok
00:35:07.0646 3816 Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
00:35:07.0650 3816 Swupdtmr - ok
00:35:07.0683 3816 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:35:07.0686 3816 Symc8xx - ok
00:35:07.0707 3816 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:35:07.0711 3816 Sym_hi - ok
00:35:07.0745 3816 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:35:07.0749 3816 Sym_u3 - ok
00:35:07.0834 3816 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
00:35:07.0843 3816 SynTP - ok
00:35:07.0987 3816 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
00:35:08.0015 3816 SysMain - ok
00:35:08.0245 3816 SystemExplorerHelpService (bd24dfc2382a2dadbfb5a15fcd53538e) C:\Program Files\System Explorer\service\SystemExplorerService.exe
00:35:08.0264 3816 SystemExplorerHelpService - ok
00:35:08.0313 3816 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
00:35:08.0326 3816 TabletInputService - ok
00:35:08.0412 3816 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
00:35:08.0429 3816 TapiSrv - ok
00:35:08.0485 3816 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
00:35:08.0496 3816 TBS - ok
00:35:08.0746 3816 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
00:35:08.0775 3816 Tcpip - ok
00:35:08.0796 3816 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
00:35:08.0809 3816 Tcpip6 - ok
00:35:08.0865 3816 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:35:08.0869 3816 tcpipreg - ok
00:35:08.0908 3816 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
00:35:08.0911 3816 tdcmdpst - ok
00:35:08.0959 3816 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:35:08.0962 3816 TDPIPE - ok
00:35:08.0984 3816 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:35:08.0988 3816 TDTCP - ok
00:35:09.0052 3816 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:35:09.0058 3816 tdx - ok
00:35:09.0098 3816 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:35:09.0103 3816 TermDD - ok
00:35:09.0215 3816 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
00:35:09.0240 3816 TermService - ok
00:35:09.0325 3816 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
00:35:09.0337 3816 Themes - ok
00:35:09.0381 3816 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:35:09.0387 3816 THREADORDER - ok
00:35:09.0490 3816 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
00:35:09.0502 3816 tifm21 - ok
00:35:09.0605 3816 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
00:35:09.0610 3816 TomTomHOMEService - ok
00:35:09.0779 3816 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
00:35:09.0794 3816 TosCoSrv - ok
00:35:09.0904 3816 TOSHIBA Bluetooth Service (87843b2da99051bc66e2d6c211e3d6a4) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
00:35:09.0910 3816 TOSHIBA Bluetooth Service - ok
00:35:09.0939 3816 Tosrfcom - ok
00:35:10.0031 3816 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
00:35:10.0042 3816 tos_sps32 - ok
00:35:10.0099 3816 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
00:35:10.0112 3816 TrkWks - ok
00:35:10.0193 3816 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
00:35:10.0195 3816 TrustedInstaller - ok
00:35:10.0243 3816 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:35:10.0247 3816 tssecsrv - ok
00:35:10.0308 3816 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:35:10.0311 3816 tunmp - ok
00:35:10.0358 3816 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:35:10.0362 3816 tunnel - ok
00:35:10.0428 3816 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
00:35:10.0432 3816 TVALZ - ok
00:35:10.0482 3816 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
00:35:10.0486 3816 uagp35 - ok
00:35:10.0572 3816 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:35:10.0581 3816 udfs - ok
00:35:10.0627 3816 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
00:35:10.0638 3816 UI0Detect - ok
00:35:10.0671 3816 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
00:35:10.0676 3816 uliagpkx - ok
00:35:10.0747 3816 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
00:35:10.0756 3816 uliahci - ok
00:35:10.0795 3816 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:35:10.0801 3816 UlSata - ok
00:35:10.0839 3816 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:35:10.0845 3816 ulsata2 - ok
00:35:10.0890 3816 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:35:10.0894 3816 umbus - ok
00:35:11.0047 3816 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
00:35:11.0066 3816 upnphost - ok
00:35:11.0125 3816 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:35:11.0129 3816 USBAAPL - ok
00:35:11.0185 3816 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:35:11.0190 3816 usbccgp - ok
00:35:11.0252 3816 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:35:11.0257 3816 usbcir - ok
00:35:11.0322 3816 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:35:11.0326 3816 usbehci - ok
00:35:11.0400 3816 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:35:11.0409 3816 usbhub - ok
00:35:11.0443 3816 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:35:11.0446 3816 usbohci - ok
00:35:11.0474 3816 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:35:11.0478 3816 usbprint - ok
00:35:11.0532 3816 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:35:11.0537 3816 usbscan - ok
00:35:11.0598 3816 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:35:11.0603 3816 USBSTOR - ok
00:35:11.0670 3816 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:35:11.0681 3816 usbuhci - ok
00:35:11.0758 3816 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:35:11.0767 3816 usbvideo - ok
00:35:11.0837 3816 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
00:35:11.0841 3816 usb_rndisx - ok
00:35:11.0898 3816 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS
00:35:11.0902 3816 UVCFTR - ok
00:35:11.0945 3816 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
00:35:11.0956 3816 UxSms - ok
00:35:12.0062 3816 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
00:35:12.0085 3816 vds - ok
00:35:12.0119 3816 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
00:35:12.0123 3816 vga - ok
00:35:12.0160 3816 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:35:12.0163 3816 VgaSave - ok
00:35:12.0205 3816 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
00:35:12.0209 3816 viaagp - ok
00:35:12.0231 3816 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
00:35:12.0236 3816 ViaC7 - ok
00:35:12.0258 3816 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
00:35:12.0262 3816 viaide - ok
00:35:12.0314 3816 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:35:12.0318 3816 volmgr - ok
00:35:12.0430 3816 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:35:12.0443 3816 volmgrx - ok
00:35:12.0564 3816 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:35:12.0574 3816 volsnap - ok
00:35:12.0622 3816 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
00:35:12.0628 3816 vsmraid - ok
00:35:12.0858 3816 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
00:35:12.0903 3816 VSS - ok
00:35:12.0995 3816 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
00:35:13.0015 3816 W32Time - ok
00:35:13.0078 3816 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:35:13.0082 3816 WacomPen - ok
00:35:13.0131 3816 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:35:13.0136 3816 Wanarp - ok
00:35:13.0162 3816 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:35:13.0166 3816 Wanarpv6 - ok
00:35:13.0335 3816 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
00:35:13.0354 3816 WcesComm - ok
00:35:13.0520 3816 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
00:35:13.0544 3816 wcncsvc - ok
00:35:13.0585 3816 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
00:35:13.0597 3816 WcsPlugInService - ok
00:35:13.0641 3816 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
00:35:13.0645 3816 Wd - ok
00:35:13.0782 3816 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:35:13.0800 3816 Wdf01000 - ok
00:35:13.0855 3816 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:35:13.0868 3816 WdiServiceHost - ok
00:35:13.0875 3816 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:35:13.0887 3816 WdiSystemHost - ok
00:35:13.0971 3816 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
00:35:13.0988 3816 WebClient - ok
00:35:14.0054 3816 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
00:35:14.0070 3816 Wecsvc - ok
00:35:14.0128 3816 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
00:35:14.0142 3816 wercplsupport - ok
00:35:14.0212 3816 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
00:35:14.0226 3816 WerSvc - ok
00:35:14.0355 3816 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
00:35:14.0365 3816 WinDefend - ok
00:35:14.0376 3816 WinHttpAutoProxySvc - ok
00:35:14.0510 3816 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
00:35:14.0517 3816 Winmgmt - ok
00:35:14.0786 3816 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
00:35:14.0837 3816 WinRM - ok
00:35:14.0968 3816 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
00:35:14.0972 3816 WINUSB - ok
00:35:15.0111 3816 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
00:35:15.0142 3816 Wlansvc - ok
00:35:15.0171 3816 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
00:35:15.0175 3816 WmiAcpi - ok
00:35:15.0297 3816 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
00:35:15.0303 3816 wmiApSrv - ok
00:35:15.0604 3816 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:35:15.0634 3816 WMPNetworkSvc - ok
00:35:15.0683 3816 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
00:35:15.0699 3816 WPCSvc - ok
00:35:15.0745 3816 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
00:35:15.0759 3816 WPDBusEnum - ok
00:35:15.0860 3816 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:35:15.0864 3816 WpdUsb - ok
00:35:16.0211 3816 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:35:16.0237 3816 WPFFontCache_v0400 - ok
00:35:16.0284 3816 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:35:16.0288 3816 ws2ifsl - ok
00:35:16.0322 3816 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
00:35:16.0336 3816 wscsvc - ok
00:35:16.0344 3816 WSearch - ok
00:35:16.0755 3816 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
00:35:16.0828 3816 wuauserv - ok
00:35:17.0110 3816 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:35:17.0116 3816 WUDFRd - ok
00:35:17.0184 3816 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
00:35:17.0199 3816 wudfsvc - ok
00:35:17.0329 3816 yukonwlh (1dd951cf8a69fa2bea82f3e3a811fa95) C:\Windows\system32\DRIVERS\yk60x86.sys
00:35:17.0341 3816 yukonwlh - ok
00:35:17.0405 3816 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
00:35:18.0001 3816 \Device\Harddisk0\DR0 - ok
00:35:18.0007 3816 Boot (0x1200) (b9bcb9aa153ec5960e2cc028d27884eb) \Device\Harddisk0\DR0\Partition0
00:35:18.0011 3816 \Device\Harddisk0\DR0\Partition0 - ok
00:35:18.0012 3816 ============================================================
00:35:18.0012 3816 Scan finished
00:35:18.0012 3816 ============================================================
00:35:18.0162 2972 Detected object count: 0
00:35:18.0162 2972 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 00:37:16
-----------------------------
00:37:16.398 OS Version: Windows 6.0.6002 Service Pack 2
00:37:16.399 Number of processors: 2 586 0xF0D
00:37:16.400 ComputerName: BROOKESLAPTOP UserName: Brooke
00:37:25.236 Initialize success
00:37:28.157 AVAST engine defs: 12052201
00:40:49.982 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
00:40:50.030 Disk 0 Vendor: TOSHIBA_MK2035GSS DK020M Size: 190782MB BusType: 3
00:40:50.252 Disk 0 MBR read successfully
00:40:50.303 Disk 0 MBR scan
00:40:50.819 Disk 0 Windows VISTA default MBR code
00:40:50.888 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:40:51.289 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189278 MB offset 3074048
00:40:51.437 Disk 0 scanning sectors +390715392
00:40:52.080 Disk 0 scanning C:\Windows\system32\drivers
00:42:21.143 Service scanning
00:42:57.578 Modules scanning
00:44:35.216 Disk 0 trace - called modules:
00:44:35.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys
00:44:35.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ac1570]
00:44:35.658 3 CLASSPNP.SYS[8410f8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8629a8a0]
00:44:37.909 AVAST engine scan C:\Windows
00:46:26.260 AVAST engine scan C:\Windows\system32
01:07:26.644 AVAST engine scan C:\Windows\system32\drivers
01:09:59.749 AVAST engine scan C:\Users\Brooke
01:41:09.774 AVAST engine scan C:\ProgramData
02:01:00.690 Scan finished successfully
02:11:57.004 Disk 0 MBR has been saved successfully to "C:\Users\Brooke\Desktop\MBR.dat"
02:11:57.014 The log file has been saved successfully to "C:\Users\Brooke\Desktop\aswMBR.txt"

Edited by 7buttons, 23 May 2012 - 01:22 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 23 May 2012 - 08:01 AM

Greetings 7buttons

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Conduit
c:\users\Brooke\AppData\Local\Conduit
c:\program files\uTorrentControl2

Firefox::
FF - ProfilePath - c:\users\Brooke\AppData\Roaming\Mozilla\Firefox\Profiles\ba3krz0f.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 7buttons

7buttons
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 AM

Posted 23 May 2012 - 11:11 PM

Still having problems with CPU going up to 30%-60% randomly, especially when I have Google Chrome open and sometimes when I have Firefox open. Also, it seems there are still a lot of weird processes running that never used to be there. Before I posted here, about two weeks ago, I had disabled a lot of startup items (the ones that were hogging CPU), and occasionally some of these items show up in my process explorer long after startup, and this is still happening. Should I enable these? I am still having basically the same issues; however, the spiking to 100% seems to have dwindled to about 60% and is averaging about 20%-30%. Here is the log after the script: (Thanks again for your help and super fast responses :) )


ComboFix 12-05-23.05 - Brooke 05/23/2012 19:44:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1029 [GMT -4:00]
Running from: c:\users\Brooke\Desktop\ComboFix.exe
Command switches used :: c:\users\Brooke\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\uTorrentControl2
c:\program files\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl2\ldrtbuTor.dll
c:\program files\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl2\prxtbuTor.dll
c:\program files\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl2\tbuTor.dll
c:\program files\uTorrentControl2\toolbar.cfg
c:\program files\uTorrentControl2\ToolbarContextMenu.xml
c:\program files\uTorrentControl2\uninstall.exe
c:\program files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
c:\users\Brooke\AppData\Local\Conduit
c:\users\Brooke\AppData\Local\Conduit\CT3072253\uTorrentControl2AutoUpdateHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 23:58 . 2012-05-23 23:58 -------- d-----w- c:\users\Brooke\AppData\Local\temp
2012-05-23 23:58 . 2012-05-23 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 21:47 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE057650-0B85-46FC-A357-658FF6EB3244}\mpengine.dll
2012-05-22 03:51 . 2012-05-23 19:29 -------- d-----w- C:\TEMP
2012-05-21 04:39 . 2012-05-21 04:39 388096 ----a-r- c:\users\Brooke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 05:20 . 2012-05-20 05:20 -------- d-----w- c:\users\Brooke\AppData\Local\CRE
2012-05-20 04:02 . 2012-05-20 04:05 -------- d-----w- c:\programdata\SystemExplorer
2012-05-20 04:02 . 2012-05-20 04:02 -------- d-----w- c:\program files\System Explorer
2012-05-18 02:19 . 2012-05-18 02:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-18 02:19 . 2012-05-18 02:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-13 22:43 . 2012-05-13 22:43 -------- d-----w- c:\users\Brooke\AppData\Local\Apps
2012-05-13 21:50 . 2012-05-13 21:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 21:41 . 2012-05-13 23:42 -------- d-----w- c:\users\Brooke\AppData\Roaming\Systweak
2012-05-13 21:41 . 2011-08-04 18:59 17280 ----a-w- c:\windows\system32\roboot.exe
2012-05-12 20:44 . 2012-05-14 14:18 -------- d-----w- c:\windows\help
2012-05-12 00:55 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 00:55 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 00:55 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 21:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:19 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:19 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 21:19 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-11 21:19 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 21:19 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 21:19 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:19 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-11 21:19 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 21:18 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 21:18 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 21:18 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 21:18 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-25 23:24 . 2012-04-25 23:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 23:24 . 2012-04-25 23:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 03:18 . 2012-05-04 23:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:32 . 2011-05-17 03:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 05:06 . 2012-04-22 05:06 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-04 19:56 . 2011-07-25 22:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2010-10-03 13:33 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-10-03 04:48 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-05-18 20:44 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-10-03 04:48 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-10-03 04:49 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-10-03 04:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-10-03 04:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2009-10-03 04:48 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 15:11 . 2012-04-11 07:24 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 07:24 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 07:24 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 07:24 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 11:30 . 2012-04-10 21:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 11:25 . 2012-04-10 21:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 11:25 . 2012-04-10 21:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 11:25 . 2012-04-10 21:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-02-28 11:25 . 2012-04-10 21:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-28 10:07 . 2012-04-10 21:56 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 08:12 . 2012-04-10 21:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-28 08:08 . 2012-04-10 21:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-25 23:24 . 2011-03-24 17:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Brooke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Brooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 14:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-05-25 20:55 154392 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-05-25 20:55 142104 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBUCATS]
2007-02-22 10:12 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbutime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-05-25 20:55 138008 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 17:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-13 22:36 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 19:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 23:32]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:21]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:21]
.
2012-05-20 c:\windows\Tasks\Norton Security Scan for Brooke.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-28 06:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centurylink.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brooke\AppData\Roaming\Mozilla\Firefox\Profiles\ba3krz0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centurylink.net/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 19:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-23 20:02:58
ComboFix-quarantined-files.txt 2012-05-24 00:02
ComboFix2.txt 2012-05-22 00:32
.
Pre-Run: 53,790,416,896 bytes free
Post-Run: 53,762,129,920 bytes free
.
- - End Of File - - 883C4A9CBD28C9256BD6F3F684B5E8CE

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 24 May 2012 - 09:34 AM

Hello

It is starting to look like it is not malware that is causing the issue.

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent
  • Adobe Reader 9.5.1
  • Java™ 6 Update 29
  • Java™ SE Runtime Environment 6
  • Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 7buttons

7buttons
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 AM

Posted 24 May 2012 - 08:50 PM

Ok I have performed all those steps...CPU is definitely getting better. Usually running between about 5%-10% with spikes between 25%-35%. I have a program that lists all the ports that certain processes are using and the remote address and state (listening, established, etc.) and there is a process on there that is named "unknown" and has no information other than the remote address and remote host name. What processes are supposed to be using ports, or "listening"? There are a few processes on there with no process path, description, company or product name. Is this anything suspicious or are these normal occurrences?... As I am writing this I went to check on CPU usage and all of a sudden it spiked to 67%! Firefox and dwm.exe seemed to be using most of that spike that just happened. Anyway, here are the new logs:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Brooke :: BROOKESLAPTOP [administrator]

5/24/2012 9:18:30 PM
mbam-log-2012-05-24 (21-18-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 194936
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:26 PM, on 5/24/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

--
End of file - 4936 bytes
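For the question in the post above about port entries shown as "unknown" or with no process path, here is an added triage helper that is not code from this thread or from any of the tools named in it: it joins each netstat -ano row to the owning process, its image path and its Authenticode signature status so such entries can be reviewed instead of guessed at (the function name, column names and the elevated-prompt assumption are mine).

```powershell
# Added triage helper (not part of this thread): join each netstat -ano row to
# the process that owns it, its image path and its Authenticode status, so an
# entry that a port viewer shows as "unknown" or without a path can be reviewed.
# Assumes PowerShell 2.0 or later and, for system-owned processes, an elevated
# prompt; otherwise Get-Process cannot read their image path.

function Get-PortOwnerReport {
    param(
        # Raw netstat -ano lines. Defaults to the live output of this machine;
        # a captured copy can be passed in for offline review.
        [string[]]$NetstatLines = (netstat -ano)
    )

    # TCP rows carry a state column, UDP rows do not, so the state is optional:
    #   TCP    0.0.0.0:135      0.0.0.0:0    LISTENING    1084
    #   UDP    0.0.0.0:500      *:*                       1204
    $row = '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$'

    foreach ($line in $NetstatLines) {
        if ($line -notmatch $row) { continue }   # header and blank lines
        $proto  = $matches[1]
        $local  = $matches[2]
        $remote = $matches[3]
        $state  = $matches[4]
        $procId = [int]$matches[5]

        # netstat and Get-Process are two separate snapshots; a PID that exited
        # in between shows up as "no process", which is itself worth a look.
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $path = $null
        $sigStatus = 'NoImagePath'
        if ($proc) {
            # .Path throws "access denied" for protected processes when not elevated
            try { $path = $proc.Path } catch { $path = $null }
        }
        if ($path -and (Test-Path -LiteralPath $path)) {
            # Status is one of Valid, NotSigned, HashMismatch, UnknownError, ...
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        # ReviewByHand is a candidate list, not a verdict: PID 0 and 4
        # (Idle/System) never have a path, and some legitimate vendors
        # shipped unsigned binaries, so each flagged row still needs a look.
        $review = (-not $proc) -or (-not $path) -or ("$sigStatus" -ne 'Valid')

        New-Object PSObject -Property @{
            Proto        = $proto
            Local        = $local
            Remote       = $remote
            State        = $state
            PID          = $procId
            Process      = $(if ($proc) { $proc.ProcessName } else { 'unknown' })
            Path         = $path
            Signature    = "$sigStatus"
            ReviewByHand = $review
        }
    }
}

# Flagged rows first, then listening sockets, then the rest.
Get-PortOwnerReport |
    Sort-Object ReviewByHand, State -Descending |
    Format-Table Proto, Local, Remote, State, PID, Process, Signature, ReviewByHand -AutoSize
```

Rows whose Process is a well-known system image (svchost.exe, System, wininit.exe) with a Valid signature are the normal listeners; the ones to compare against the HijackThis O23 service list are those with no path or a signature status other than Valid.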

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 24 May 2012 - 09:27 PM

Greetings

The ports I don't know about, but since you have seen Firefox spike the CPU, let's try uninstalling Firefox. If asked about user data or settings, remove them also. Restart the computer and reinstall Firefox.



:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 27 May 2012 - 06:25 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#12 7buttons

7buttons
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 AM

Posted 27 May 2012 - 11:18 PM

Thanks for checking in. Today the spikes seem to be due to dwm.exe still and one of the many svchost.exe, but mostly to system idle process and iexplorer.exe, and of course the onlinecmdlinescanner.exe as I am running it.... Ok, so I have changed the groovemonitor.exe and adobearm.exe things by using HijackThis, as you have said.... Now I did the ESET online scanner and here is the log from the ESET scanner:

C:\Users\Brooke\Desktop\.junk\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Brooke\Desktop\.junk\cnet2_SystemExplorerSetup_388_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Brooke\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 27 May 2012 - 11:31 PM

Greetings

When you say spikes, are they hurting performance? System idle is normal.

The ESET scan found very minor things, and they are not active on the computer.


gringo

#14 7buttons

7buttons
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:23 AM

Posted 29 May 2012 - 10:01 PM

The spikes tend to slow down programs I am using. For example, say if I'm using Word, then all of a sudden what I'm typing or using will slow down and/or stop, kind of like they're lagging. However, like I said, it has improved though and isn't happening constantly as it was before! :) So do we think I am all fixed then?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:23 AM

Posted 29 May 2012 - 10:09 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Brooke\Desktop\.junk\cnet2_ComboFix_exe.exe"
    del /f /s /q "C:\Users\Brooke\Desktop\.junk\cnet2_SystemExplorerSetup_388_exe.exe"
    del /f /s /q "C:\Users\Brooke\Downloads\winamp5623_full_emusic-7plus_en-us.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach


Proud Graduate Of Malware Removal University
