Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Malscript and Computer slow


  • This topic is locked This topic is locked
20 replies to this topic

#1 arunan

arunan

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 26 September 2011 - 06:42 PM

My computer is being really slow and My nortan anti-virus keeping quarantining "Trojan Malscript". this message is fluding nortan logger

Is anyone of you guys familier with this problem? can anyone help me out?

Thank you
Arunan

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,959 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:27 PM

Posted 26 September 2011 - 11:56 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 29 September 2011 - 06:14 PM

Here are my log files...

Thank you guys for doing this... i would be lost with computer virus problem with out bleepingcomputers
:clapping: :clapping: :clapping:
thnks :clapping:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Arunan at 21:00:22 on 2011-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3933.2339 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe
C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe
C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Real\realplayer\update\realsched.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.pizzapizza.ca/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{85DC11A8-A093-4B8D-BF19-65206CD3743B} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arunan\AppData\Roaming\Mozilla\Firefox\Profiles\qs4bclmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/?rd=1
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ININ QoS;ININ QoS Service;C:\Program Files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe [2009-7-3 53248]
R2 ININ Tracing;ININ Tracing Initialization;C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [2009-6-8 45056]
R2 Interactive Update Client;Interactive Update Client;C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [2009-6-16 278824]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-8-27 1822296]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-30 136824]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-12 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-26 23:31:20 -------- d-----w- C:\Users\Arunan\AppData\Local\{FBAA2688-CF57-430B-A046-548C734A84F2}
2011-09-26 23:31:07 -------- d-----w- C:\Users\Arunan\AppData\Local\{0E9DA5BF-005F-458D-9170-B5777DD5F6BC}
2011-09-24 12:35:31 -------- d-----w- C:\Users\Arunan\AppData\Local\{4A1D0514-065C-489F-87DF-ED43788F3974}
2011-09-24 12:35:11 -------- d-----w- C:\Users\Arunan\AppData\Local\{06AC24DC-AF63-4FE4-9172-9D98D087B102}
2011-09-23 16:01:14 -------- d-----w- C:\Users\Arunan\AppData\Local\{D595E865-2976-42E4-B59E-83FCC1C51A10}
2011-09-23 16:01:02 -------- d-----w- C:\Users\Arunan\AppData\Local\{0052ABEB-3FD6-441C-904F-E69941E92A5B}
2011-09-18 18:02:03 -------- d-----w- C:\Users\Arunan\AppData\Local\{D76C751E-51FE-4890-871A-8516387E038C}
2011-09-18 18:01:45 -------- d-----w- C:\Users\Arunan\AppData\Local\{A03C020E-8398-4945-8A25-6AE1E0CF4854}
2011-09-17 20:17:00 -------- d-----w- C:\Users\Arunan\AppData\Local\{0B85C1DC-212E-4267-A351-47A8F4C29E16}
2011-09-17 20:16:37 -------- d-----w- C:\Users\Arunan\AppData\Local\{95FD2146-B2A5-4DCC-914B-8D08562E8D29}
2011-09-15 19:06:26 -------- d-----w- C:\Users\Arunan\AppData\Local\{0FE52D67-AE03-461D-8C8C-74DC8A386037}
2011-09-15 19:06:11 -------- d-----w- C:\Users\Arunan\AppData\Local\{ABD14BF2-1978-48EB-92F2-2CCB2AD48EED}
2011-09-14 23:31:14 -------- d-----w- C:\Users\Arunan\AppData\Local\{E20BB2E3-0E18-44A8-8CFC-C0EAE6071991}
2011-09-14 23:31:03 -------- d-----w- C:\Users\Arunan\AppData\Local\{03185B14-D767-494D-BAA9-489F7E1847EE}
2011-09-14 11:30:50 -------- d-----w- C:\Users\Arunan\AppData\Local\{A0D7D30E-E714-4AB9-B106-81096CC90B0B}
2011-09-14 11:30:38 -------- d-----w- C:\Users\Arunan\AppData\Local\{E95BAB9B-35AD-4094-B388-7768AB53554D}
2011-09-13 23:30:25 -------- d-----w- C:\Users\Arunan\AppData\Local\{B296414B-D0C3-4197-9114-86C7782C9665}
2011-09-12 21:59:45 -------- d-----w- C:\Users\Arunan\AppData\Local\{6C4A3EB1-F613-4E06-B2E7-9E8390DAED67}
2011-09-12 21:59:34 -------- d-----w- C:\Users\Arunan\AppData\Local\{F1AD4002-99C3-4991-B393-5274DD3C6E8C}
2011-09-11 19:47:44 -------- d-----w- C:\Users\Arunan\AppData\Local\{AB83AB27-A4FA-49D9-915C-0FDE2D373D66}
2011-09-11 19:47:33 -------- d-----w- C:\Users\Arunan\AppData\Local\{20A27072-AF0F-4F0A-B4D8-EF38F04F1B2D}
2011-09-10 15:59:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{EBABC701-7C59-4D63-872A-2E0BA0670801}
2011-09-10 15:59:12 -------- d-----w- C:\Users\Arunan\AppData\Local\{DFB04B1C-C66C-41A7-B0C3-B8FCD924FFB7}
2011-09-09 14:03:28 -------- d-----w- C:\Users\Arunan\AppData\Local\{57FCEB93-6D62-4924-BDC4-AA5A561DA0E8}
2011-09-09 14:03:17 -------- d-----w- C:\Users\Arunan\AppData\Local\{C824DC08-DE40-4BB8-B55E-2EC99B19D22F}
2011-09-09 02:02:57 -------- d-----w- C:\Users\Arunan\AppData\Local\{2385013D-4304-4E93-BD23-89218C428022}
2011-09-09 02:02:36 -------- d-----w- C:\Users\Arunan\AppData\Local\{EE7F8957-0E3D-4D34-9B21-19B7DF3D2C31}
2011-09-08 11:23:43 -------- d-----w- C:\Users\Arunan\AppData\Local\{E30B19FB-2921-4466-8795-E18525259536}
2011-09-08 11:23:31 -------- d-----w- C:\Users\Arunan\AppData\Local\{F67BE1F8-E0D8-4CA2-A680-BDC0D96507B3}
2011-09-05 16:41:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{56150DDF-F46C-4838-A9C7-242A58078EF4}
2011-09-05 16:41:12 -------- d-----w- C:\Users\Arunan\AppData\Local\{9B76383C-FE7A-4838-920D-0F0B775E5A9F}
2011-09-04 15:55:42 -------- d-----w- C:\Users\Arunan\AppData\Local\{C3AC1614-876F-4B2D-8320-F7E7331614BE}
2011-09-04 15:55:31 -------- d-----w- C:\Users\Arunan\AppData\Local\{B12CA26A-5DBD-4B78-8513-65911E539BBD}
2011-09-04 15:29:03 -------- d-----w- C:\windows\en
2011-09-04 15:24:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c017d6ac1cc6b1601\MeshBetaRemover.exe
2011-09-04 04:59:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{668BD41C-B3ED-40DB-AAC8-0A9833D6BC2D}
2011-09-04 04:59:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{5455BB0C-C1DE-47B0-B161-609195FEFDEE}
2011-09-04 04:59:09 -------- d-----w- C:\Users\Arunan\Tracing
2011-09-01 18:30:24 -------- d-----r- C:\Program Files (x86)\Skype
2011-09-01 02:30:36 -------- d-----w- C:\Users\Arunan\AppData\Local\Apple Computer
.
==================== Find3M ====================
.
2011-08-01 19:59:06 45416 ----a-w- C:\windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-15 20:35:20 225328 ----a-w- C:\windows\System32\drivers\wpshelper.sys
2011-07-09 05:26:20 2048 ----a-w- C:\windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 21:00:59.80 ===============

Attached File  Attach.txt   9KB   1 downloads
Attached File  Ark.log   330bytes   0 downloads

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 PM

Posted 01 October 2011 - 06:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420628 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 October 2011 - 02:34 AM

Here are my new scan report..

thank you guys


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Arunan at 3:24:47 on 2011-10-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3933.2239 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe
C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe
C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Real\realplayer\update\realsched.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.pizzapizza.ca/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{85DC11A8-A093-4B8D-BF19-65206CD3743B} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arunan\AppData\Roaming\Mozilla\Firefox\Profiles\qs4bclmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/?rd=1
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ININ QoS;ININ QoS Service;C:\Program Files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe [2009-7-3 53248]
R2 ININ Tracing;ININ Tracing Initialization;C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [2009-6-8 45056]
R2 Interactive Update Client;Interactive Update Client;C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [2009-6-16 278824]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-8-27 1822296]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-30 136824]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-12 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-26 23:31:20 -------- d-----w- C:\Users\Arunan\AppData\Local\{FBAA2688-CF57-430B-A046-548C734A84F2}
2011-09-26 23:31:07 -------- d-----w- C:\Users\Arunan\AppData\Local\{0E9DA5BF-005F-458D-9170-B5777DD5F6BC}
2011-09-24 12:35:31 -------- d-----w- C:\Users\Arunan\AppData\Local\{4A1D0514-065C-489F-87DF-ED43788F3974}
2011-09-24 12:35:11 -------- d-----w- C:\Users\Arunan\AppData\Local\{06AC24DC-AF63-4FE4-9172-9D98D087B102}
2011-09-23 16:01:14 -------- d-----w- C:\Users\Arunan\AppData\Local\{D595E865-2976-42E4-B59E-83FCC1C51A10}
2011-09-23 16:01:02 -------- d-----w- C:\Users\Arunan\AppData\Local\{0052ABEB-3FD6-441C-904F-E69941E92A5B}
2011-09-18 18:02:03 -------- d-----w- C:\Users\Arunan\AppData\Local\{D76C751E-51FE-4890-871A-8516387E038C}
2011-09-18 18:01:45 -------- d-----w- C:\Users\Arunan\AppData\Local\{A03C020E-8398-4945-8A25-6AE1E0CF4854}
2011-09-17 20:17:00 -------- d-----w- C:\Users\Arunan\AppData\Local\{0B85C1DC-212E-4267-A351-47A8F4C29E16}
2011-09-17 20:16:37 -------- d-----w- C:\Users\Arunan\AppData\Local\{95FD2146-B2A5-4DCC-914B-8D08562E8D29}
2011-09-15 19:06:26 -------- d-----w- C:\Users\Arunan\AppData\Local\{0FE52D67-AE03-461D-8C8C-74DC8A386037}
2011-09-15 19:06:11 -------- d-----w- C:\Users\Arunan\AppData\Local\{ABD14BF2-1978-48EB-92F2-2CCB2AD48EED}
2011-09-14 23:31:14 -------- d-----w- C:\Users\Arunan\AppData\Local\{E20BB2E3-0E18-44A8-8CFC-C0EAE6071991}
2011-09-14 23:31:03 -------- d-----w- C:\Users\Arunan\AppData\Local\{03185B14-D767-494D-BAA9-489F7E1847EE}
2011-09-14 11:30:50 -------- d-----w- C:\Users\Arunan\AppData\Local\{A0D7D30E-E714-4AB9-B106-81096CC90B0B}
2011-09-14 11:30:38 -------- d-----w- C:\Users\Arunan\AppData\Local\{E95BAB9B-35AD-4094-B388-7768AB53554D}
2011-09-13 23:30:25 -------- d-----w- C:\Users\Arunan\AppData\Local\{B296414B-D0C3-4197-9114-86C7782C9665}
2011-09-12 21:59:45 -------- d-----w- C:\Users\Arunan\AppData\Local\{6C4A3EB1-F613-4E06-B2E7-9E8390DAED67}
2011-09-12 21:59:34 -------- d-----w- C:\Users\Arunan\AppData\Local\{F1AD4002-99C3-4991-B393-5274DD3C6E8C}
2011-09-11 19:47:44 -------- d-----w- C:\Users\Arunan\AppData\Local\{AB83AB27-A4FA-49D9-915C-0FDE2D373D66}
2011-09-11 19:47:33 -------- d-----w- C:\Users\Arunan\AppData\Local\{20A27072-AF0F-4F0A-B4D8-EF38F04F1B2D}
2011-09-10 15:59:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{EBABC701-7C59-4D63-872A-2E0BA0670801}
2011-09-10 15:59:12 -------- d-----w- C:\Users\Arunan\AppData\Local\{DFB04B1C-C66C-41A7-B0C3-B8FCD924FFB7}
2011-09-09 14:03:28 -------- d-----w- C:\Users\Arunan\AppData\Local\{57FCEB93-6D62-4924-BDC4-AA5A561DA0E8}
2011-09-09 14:03:17 -------- d-----w- C:\Users\Arunan\AppData\Local\{C824DC08-DE40-4BB8-B55E-2EC99B19D22F}
2011-09-09 02:02:57 -------- d-----w- C:\Users\Arunan\AppData\Local\{2385013D-4304-4E93-BD23-89218C428022}
2011-09-09 02:02:36 -------- d-----w- C:\Users\Arunan\AppData\Local\{EE7F8957-0E3D-4D34-9B21-19B7DF3D2C31}
2011-09-08 11:23:43 -------- d-----w- C:\Users\Arunan\AppData\Local\{E30B19FB-2921-4466-8795-E18525259536}
2011-09-08 11:23:31 -------- d-----w- C:\Users\Arunan\AppData\Local\{F67BE1F8-E0D8-4CA2-A680-BDC0D96507B3}
2011-09-05 16:41:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{56150DDF-F46C-4838-A9C7-242A58078EF4}
2011-09-05 16:41:12 -------- d-----w- C:\Users\Arunan\AppData\Local\{9B76383C-FE7A-4838-920D-0F0B775E5A9F}
2011-09-04 15:55:42 -------- d-----w- C:\Users\Arunan\AppData\Local\{C3AC1614-876F-4B2D-8320-F7E7331614BE}
2011-09-04 15:55:31 -------- d-----w- C:\Users\Arunan\AppData\Local\{B12CA26A-5DBD-4B78-8513-65911E539BBD}
2011-09-04 15:29:03 -------- d-----w- C:\windows\en
2011-09-04 15:24:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c017d6ac1cc6b1601\MeshBetaRemover.exe
2011-09-04 04:59:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{668BD41C-B3ED-40DB-AAC8-0A9833D6BC2D}
2011-09-04 04:59:24 -------- d-----w- C:\Users\Arunan\AppData\Local\{5455BB0C-C1DE-47B0-B161-609195FEFDEE}
2011-09-04 04:59:09 -------- d-----w- C:\Users\Arunan\Tracing
.
==================== Find3M ====================
.
2011-08-01 19:59:06 45416 ----a-w- C:\windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-15 20:35:20 225328 ----a-w- C:\windows\System32\drivers\wpshelper.sys
2011-07-09 05:26:20 2048 ----a-w- C:\windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 3:25:26.85 ===============
Attached File  DDS.txt   23.99KB   0 downloads
Attached File  Attach.txt   9.4KB   1 downloads

#6 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 October 2011 - 02:38 AM

Sorry... for got to add the GMER

Attached File  Ark.log   330bytes   1 downloads

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:27 PM

Posted 02 October 2011 - 09:16 AM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 October 2011 - 08:37 PM

Hi CatByte

I ran the combofix and I am uploading the log created by it

I appreciate your help and thanks for your time...

ComboFix 11-10-02.03 - Arunan 02/10/2011 21:03:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3933.2445 [GMT -4:00]
Running from: c:\users\Arunan\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 01:09 . 2011-10-03 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 15:29 . 2011-09-04 15:29 -------- d-----w- c:\windows\en
2011-09-04 15:24 . 2011-09-04 15:24 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c017d6ac1cc6b1601\MeshBetaRemover.exe
2011-09-04 04:59 . 2011-10-03 00:50 -------- d-----w- c:\users\Arunan\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 15:26 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-07-22 05:42 . 2011-08-10 07:00 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 07:00 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 05:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 05:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 05:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 05:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 05:30 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 05:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 05:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 05:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 05:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 05:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 05:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 05:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 05:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 05:30 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-15 20:35 . 2010-10-12 18:18 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-09 05:26 . 2011-08-24 06:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-24 06:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-10 05:30 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 23:52 . 2011-08-01 16:45 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-08-01 16:45 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-09-23 27763336]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-27 115560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 ININ QoS;ININ QoS Service;c:\program files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe [2009-07-03 53248]
S2 ININ Tracing;ININ Tracing Initialization;c:\program files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [2009-06-08 45056]
S2 Interactive Update Client;Interactive Update Client;c:\program files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [2009-06-16 278824]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 136824]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 19:09]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 19:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Arunan\AppData\Roaming\Mozilla\Firefox\Profiles\qs4bclmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/?rd=1
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-10-02 21:22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 01:22
.
Pre-Run: 291,544,809,472 bytes free
Post-Run: 291,642,814,464 bytes free
.
- - End Of File - - 3909EA0DE705E60921F6DAA3ADAE3ADD

Attached Files



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:27 PM

Posted 03 October 2011 - 01:14 AM

Hi

Please do the following:



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 03 October 2011 - 08:50 PM

Hi CatByte

so i did all three scans and here are the reports

I am also attaching the log files as well

once again thank you

Attached File  mbam-log-2011-10-03 (20-03-15).txt   902bytes   0 downloads
Attached File  TDSSKiller.2.6.4.0_03.10.2011_19.56.18_log.txt   150.53KB   0 downloads
Attached File  ESETSCAN.txt   331bytes   0 downloads

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7859

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

03/10/2011 8:03:15 PM
mbam-log-2011-10-03 (20-03-15).txt

Scan type: Quick scan
Objects scanned: 181956
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




19:56:18.0129 0624 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
19:56:18.0457 0624 ============================================================
19:56:18.0457 0624 Current date / time: 2011/10/03 19:56:18.0457
19:56:18.0457 0624 SystemInfo:
19:56:18.0457 0624
19:56:18.0457 0624 OS Version: 6.1.7601 ServicePack: 1.0
19:56:18.0457 0624 Product type: Workstation
19:56:18.0457 0624 ComputerName: ARUNAN-PC
19:56:18.0457 0624 UserName: Arunan
19:56:18.0457 0624 Windows directory: C:\windows
19:56:18.0457 0624 System windows directory: C:\windows
19:56:18.0457 0624 Running under WOW64
19:56:18.0457 0624 Processor architecture: Intel x64
19:56:18.0457 0624 Number of processors: 2
19:56:18.0457 0624 Page size: 0x1000
19:56:18.0457 0624 Boot type: Normal boot
19:56:18.0457 0624 ============================================================
19:56:18.0893 0624 Initialize success
19:56:20.0563 5356 ============================================================
19:56:20.0563 5356 Scan started
19:56:20.0563 5356 Mode: Manual;
19:56:20.0563 5356 ============================================================
19:56:21.0374 5356 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:56:21.0374 5356 1394ohci - ok
19:56:21.0483 5356 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:56:21.0483 5356 ACPI - ok
19:56:21.0577 5356 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:56:21.0577 5356 AcpiPmi - ok
19:56:21.0686 5356 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:56:21.0701 5356 adp94xx - ok
19:56:21.0811 5356 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:56:21.0811 5356 adpahci - ok
19:56:21.0889 5356 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:56:21.0904 5356 adpu320 - ok
19:56:22.0013 5356 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
19:56:22.0029 5356 AFD - ok
19:56:22.0138 5356 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
19:56:22.0169 5356 AgereSoftModem - ok
19:56:22.0263 5356 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:56:22.0294 5356 agp440 - ok
19:56:22.0450 5356 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:56:22.0450 5356 aliide - ok
19:56:22.0528 5356 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:56:22.0528 5356 amdide - ok
19:56:22.0747 5356 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:56:22.0747 5356 AmdK8 - ok
19:56:22.0825 5356 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:56:22.0825 5356 AmdPPM - ok
19:56:22.0918 5356 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:56:22.0918 5356 amdsata - ok
19:56:23.0027 5356 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:56:23.0027 5356 amdsbs - ok
19:56:23.0121 5356 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:56:23.0121 5356 amdxata - ok
19:56:23.0215 5356 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:56:23.0215 5356 AppID - ok
19:56:23.0355 5356 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:56:23.0355 5356 arc - ok
19:56:23.0433 5356 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:56:23.0449 5356 arcsas - ok
19:56:23.0527 5356 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:56:23.0527 5356 AsyncMac - ok
19:56:23.0636 5356 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:56:23.0636 5356 atapi - ok
19:56:23.0745 5356 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:56:23.0761 5356 b06bdrv - ok
19:56:23.0854 5356 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:56:23.0854 5356 b57nd60a - ok
19:56:23.0963 5356 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:56:23.0963 5356 Beep - ok
19:56:24.0088 5356 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:56:24.0088 5356 blbdrive - ok
19:56:24.0182 5356 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:56:24.0197 5356 bowser - ok
19:56:24.0712 5356 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:56:24.0712 5356 BrFiltLo - ok
19:56:24.0790 5356 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:56:24.0790 5356 BrFiltUp - ok
19:56:24.0915 5356 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:56:24.0915 5356 Brserid - ok
19:56:25.0024 5356 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:56:25.0024 5356 BrSerWdm - ok
19:56:25.0102 5356 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:56:25.0102 5356 BrUsbMdm - ok
19:56:25.0196 5356 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:56:25.0196 5356 BrUsbSer - ok
19:56:25.0274 5356 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:56:25.0274 5356 BTHMODEM - ok
19:56:25.0305 5356 catchme - ok
19:56:25.0414 5356 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:56:25.0414 5356 cdfs - ok
19:56:25.0508 5356 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
19:56:25.0508 5356 cdrom - ok
19:56:25.0617 5356 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:56:25.0617 5356 circlass - ok
19:56:25.0695 5356 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:56:25.0711 5356 CLFS - ok
19:56:25.0820 5356 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:56:25.0820 5356 CmBatt - ok
19:56:25.0867 5356 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:56:25.0867 5356 cmdide - ok
19:56:25.0976 5356 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
19:56:25.0976 5356 CNG - ok
19:56:26.0085 5356 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:56:26.0085 5356 Compbatt - ok
19:56:26.0179 5356 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
19:56:26.0179 5356 CompositeBus - ok
19:56:26.0335 5356 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:56:26.0335 5356 crcdisk - ok
19:56:26.0475 5356 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:56:26.0475 5356 DfsC - ok
19:56:26.0647 5356 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:56:26.0647 5356 discache - ok
19:56:26.0740 5356 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:56:26.0740 5356 Disk - ok
19:56:26.0849 5356 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:56:26.0849 5356 drmkaud - ok
19:56:26.0959 5356 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\windows\system32\DRIVERS\dsNcAdpt.sys
19:56:26.0959 5356 dsNcAdpt - ok
19:56:27.0099 5356 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:56:27.0130 5356 DXGKrnl - ok
19:56:27.0286 5356 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:56:27.0380 5356 ebdrv - ok
19:56:27.0458 5356 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:56:27.0473 5356 eeCtrl - ok
19:56:27.0583 5356 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:56:27.0598 5356 elxstor - ok
19:56:27.0707 5356 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:56:27.0707 5356 EraserUtilRebootDrv - ok
19:56:27.0801 5356 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:56:27.0801 5356 ErrDev - ok
19:56:27.0895 5356 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:56:27.0895 5356 exfat - ok
19:56:27.0973 5356 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:56:27.0988 5356 fastfat - ok
19:56:28.0082 5356 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:56:28.0082 5356 fdc - ok
19:56:28.0175 5356 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:56:28.0175 5356 FileInfo - ok
19:56:28.0269 5356 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:56:28.0269 5356 Filetrace - ok
19:56:28.0363 5356 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:56:28.0363 5356 flpydisk - ok
19:56:28.0456 5356 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:56:28.0456 5356 FltMgr - ok
19:56:28.0550 5356 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:56:28.0550 5356 FsDepends - ok
19:56:28.0675 5356 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
19:56:28.0675 5356 fssfltr - ok
19:56:28.0768 5356 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:56:28.0768 5356 Fs_Rec - ok
19:56:28.0877 5356 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:56:28.0877 5356 fvevol - ok
19:56:28.0971 5356 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:56:28.0971 5356 gagp30kx - ok
19:56:29.0080 5356 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:56:29.0080 5356 hcw85cir - ok
19:56:29.0189 5356 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:56:29.0189 5356 HdAudAddService - ok
19:56:29.0283 5356 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:56:29.0283 5356 HDAudBus - ok
19:56:29.0361 5356 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:56:29.0361 5356 HidBatt - ok
19:56:29.0439 5356 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:56:29.0439 5356 HidBth - ok
19:56:29.0533 5356 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:56:29.0533 5356 HidIr - ok
19:56:29.0642 5356 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:56:29.0642 5356 HidUsb - ok
19:56:29.0751 5356 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:56:29.0751 5356 HpSAMD - ok
19:56:29.0860 5356 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:56:29.0876 5356 HTTP - ok
19:56:29.0969 5356 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:56:29.0969 5356 hwpolicy - ok
19:56:30.0079 5356 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:56:30.0079 5356 i8042prt - ok
19:56:30.0172 5356 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys
19:56:30.0188 5356 iaStor - ok
19:56:30.0281 5356 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:56:30.0297 5356 iaStorV - ok
19:56:30.0812 5356 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
19:56:30.0952 5356 igfx - ok
19:56:31.0046 5356 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:56:31.0046 5356 iirsp - ok
19:56:31.0202 5356 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
19:56:31.0264 5356 IntcAzAudAddService - ok
19:56:31.0373 5356 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\windows\system32\drivers\IntcHdmi.sys
19:56:31.0373 5356 IntcHdmiAddService - ok
19:56:31.0467 5356 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:56:31.0467 5356 intelide - ok
19:56:31.0529 5356 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:56:31.0529 5356 intelppm - ok
19:56:31.0623 5356 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:56:31.0623 5356 IpFilterDriver - ok
19:56:31.0670 5356 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:56:31.0685 5356 IPMIDRV - ok
19:56:31.0779 5356 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:56:31.0779 5356 IPNAT - ok
19:56:31.0873 5356 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:56:31.0873 5356 IRENUM - ok
19:56:31.0904 5356 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:56:31.0904 5356 isapnp - ok
19:56:31.0982 5356 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:56:31.0982 5356 iScsiPrt - ok
19:56:32.0091 5356 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:56:32.0091 5356 kbdclass - ok
19:56:32.0200 5356 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:56:32.0200 5356 kbdhid - ok
19:56:32.0294 5356 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
19:56:32.0294 5356 KSecDD - ok
19:56:32.0387 5356 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
19:56:32.0387 5356 KSecPkg - ok
19:56:32.0434 5356 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:56:32.0434 5356 ksthunk - ok
19:56:32.0606 5356 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:56:32.0606 5356 lltdio - ok
19:56:32.0715 5356 LPCFilter (16679269303613c4ce7c8ff03413410f) C:\windows\system32\DRIVERS\LPCFilter.sys
19:56:32.0715 5356 LPCFilter - ok
19:56:32.0824 5356 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:56:32.0824 5356 LSI_FC - ok
19:56:32.0918 5356 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:56:32.0933 5356 LSI_SAS - ok
19:56:33.0027 5356 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:56:33.0027 5356 LSI_SAS2 - ok
19:56:33.0121 5356 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:56:33.0121 5356 LSI_SCSI - ok
19:56:33.0230 5356 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:56:33.0230 5356 luafv - ok
19:56:33.0308 5356 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:56:33.0308 5356 megasas - ok
19:56:33.0355 5356 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:56:33.0370 5356 MegaSR - ok
19:56:33.0464 5356 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:56:33.0464 5356 Modem - ok
19:56:33.0573 5356 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:56:33.0573 5356 monitor - ok
19:56:33.0667 5356 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:56:33.0682 5356 mouclass - ok
19:56:33.0791 5356 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:56:33.0791 5356 mouhid - ok
19:56:33.0838 5356 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:56:33.0838 5356 mountmgr - ok
19:56:33.0932 5356 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:56:33.0932 5356 mpio - ok
19:56:34.0025 5356 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:56:34.0025 5356 mpsdrv - ok
19:56:34.0088 5356 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:56:34.0088 5356 MRxDAV - ok
19:56:34.0166 5356 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:56:34.0181 5356 mrxsmb - ok
19:56:34.0213 5356 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:56:34.0213 5356 mrxsmb10 - ok
19:56:34.0291 5356 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:56:34.0306 5356 mrxsmb20 - ok
19:56:34.0353 5356 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:56:34.0353 5356 msahci - ok
19:56:34.0431 5356 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:56:34.0431 5356 msdsm - ok
19:56:34.0493 5356 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:56:34.0493 5356 Msfs - ok
19:56:34.0556 5356 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:56:34.0556 5356 mshidkmdf - ok
19:56:34.0587 5356 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:56:34.0603 5356 msisadrv - ok
19:56:34.0681 5356 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:56:34.0681 5356 MSKSSRV - ok
19:56:34.0712 5356 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:56:34.0712 5356 MSPCLOCK - ok
19:56:34.0790 5356 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:56:34.0790 5356 MSPQM - ok
19:56:34.0868 5356 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:56:34.0868 5356 MsRPC - ok
19:56:34.0946 5356 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:56:34.0946 5356 mssmbios - ok
19:56:35.0039 5356 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:56:35.0039 5356 MSTEE - ok
19:56:35.0071 5356 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:56:35.0071 5356 MTConfig - ok
19:56:35.0149 5356 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:56:35.0149 5356 Mup - ok
19:56:35.0258 5356 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:56:35.0273 5356 NativeWifiP - ok
19:56:35.0414 5356 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111002.004\ENG64.SYS
19:56:35.0414 5356 NAVENG - ok
19:56:35.0617 5356 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111002.004\EX64.SYS
19:56:35.0632 5356 NAVEX15 - ok
19:56:35.0773 5356 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:56:35.0804 5356 NDIS - ok
19:56:35.0897 5356 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:56:35.0897 5356 NdisCap - ok
19:56:36.0007 5356 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:56:36.0007 5356 NdisTapi - ok
19:56:36.0116 5356 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:56:36.0116 5356 Ndisuio - ok
19:56:36.0209 5356 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:56:36.0209 5356 NdisWan - ok
19:56:36.0303 5356 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:56:36.0303 5356 NDProxy - ok
19:56:36.0397 5356 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:56:36.0397 5356 NetBIOS - ok
19:56:36.0506 5356 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:56:36.0506 5356 NetBT - ok
19:56:36.0615 5356 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:56:36.0615 5356 nfrd960 - ok
19:56:36.0677 5356 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:56:36.0677 5356 Npfs - ok
19:56:36.0740 5356 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:56:36.0740 5356 nsiproxy - ok
19:56:36.0865 5356 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:56:36.0911 5356 Ntfs - ok
19:56:36.0989 5356 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:56:36.0989 5356 Null - ok
19:56:37.0099 5356 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:56:37.0099 5356 nvraid - ok
19:56:37.0114 5356 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:56:37.0114 5356 nvstor - ok
19:56:37.0208 5356 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:56:37.0208 5356 nv_agp - ok
19:56:37.0317 5356 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:56:37.0317 5356 ohci1394 - ok
19:56:37.0442 5356 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:56:37.0457 5356 Parport - ok
19:56:37.0551 5356 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
19:56:37.0551 5356 partmgr - ok
19:56:37.0645 5356 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:56:37.0645 5356 pci - ok
19:56:37.0676 5356 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:56:37.0676 5356 pciide - ok
19:56:37.0754 5356 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:56:37.0754 5356 pcmcia - ok
19:56:37.0847 5356 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:56:37.0847 5356 pcw - ok
19:56:37.0879 5356 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:56:37.0910 5356 PEAUTH - ok
19:56:38.0019 5356 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:56:38.0019 5356 PGEffect - ok
19:56:38.0144 5356 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
19:56:38.0144 5356 Point64 - ok
19:56:38.0269 5356 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:56:38.0269 5356 PptpMiniport - ok
19:56:38.0362 5356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:56:38.0362 5356 Processor - ok
19:56:38.0471 5356 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:56:38.0471 5356 Psched - ok
19:56:38.0612 5356 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:56:38.0643 5356 ql2300 - ok
19:56:38.0737 5356 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:56:38.0737 5356 ql40xx - ok
19:56:38.0830 5356 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:56:38.0830 5356 QWAVEdrv - ok
19:56:38.0924 5356 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:56:38.0924 5356 RasAcd - ok
19:56:39.0002 5356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:56:39.0017 5356 RasAgileVpn - ok
19:56:39.0127 5356 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:56:39.0127 5356 Rasl2tp - ok
19:56:39.0236 5356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:56:39.0236 5356 RasPppoe - ok
19:56:39.0329 5356 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:56:39.0329 5356 RasSstp - ok
19:56:39.0423 5356 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:56:39.0423 5356 rdbss - ok
19:56:39.0517 5356 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:56:39.0517 5356 rdpbus - ok
19:56:39.0595 5356 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:56:39.0595 5356 RDPCDD - ok
19:56:39.0704 5356 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:56:39.0704 5356 RDPENCDD - ok
19:56:39.0797 5356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:56:39.0797 5356 RDPREFMP - ok
19:56:39.0891 5356 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
19:56:39.0891 5356 RDPWD - ok
19:56:40.0016 5356 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:56:40.0016 5356 rdyboost - ok
19:56:40.0141 5356 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:56:40.0141 5356 rspndr - ok
19:56:40.0234 5356 RSUSBSTOR - ok
19:56:40.0265 5356 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
19:56:40.0265 5356 RTL8167 - ok
19:56:40.0406 5356 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
19:56:40.0437 5356 rtl8192se - ok
19:56:40.0499 5356 RtsUIR - ok
19:56:40.0562 5356 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:56:40.0562 5356 sbp2port - ok
19:56:40.0640 5356 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:56:40.0640 5356 scfilter - ok
19:56:40.0749 5356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:56:40.0749 5356 secdrv - ok
19:56:40.0858 5356 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:56:40.0858 5356 Serenum - ok
19:56:40.0936 5356 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:56:40.0936 5356 Serial - ok
19:56:41.0030 5356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:56:41.0030 5356 sermouse - ok
19:56:41.0139 5356 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:56:41.0139 5356 sffdisk - ok
19:56:41.0201 5356 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:56:41.0201 5356 sffp_mmc - ok
19:56:41.0279 5356 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:56:41.0295 5356 sffp_sd - ok
19:56:41.0373 5356 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:56:41.0389 5356 sfloppy - ok
19:56:41.0498 5356 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:56:41.0498 5356 SiSRaid2 - ok
19:56:41.0591 5356 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:56:41.0591 5356 SiSRaid4 - ok
19:56:41.0685 5356 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:56:41.0685 5356 Smb - ok
19:56:41.0810 5356 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:56:41.0810 5356 spldr - ok
19:56:41.0919 5356 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\windows\system32\Drivers\SRTSP64.SYS
19:56:41.0935 5356 SRTSP - ok
19:56:42.0028 5356 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\windows\system32\Drivers\SRTSPL64.SYS
19:56:42.0028 5356 SRTSPL - ok
19:56:42.0122 5356 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\windows\system32\Drivers\SRTSPX64.SYS
19:56:42.0122 5356 SRTSPX - ok
19:56:42.0231 5356 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:56:42.0231 5356 srv - ok
19:56:42.0340 5356 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:56:42.0356 5356 srv2 - ok
19:56:42.0465 5356 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:56:42.0465 5356 srvnet - ok
19:56:42.0559 5356 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:56:42.0574 5356 stexstor - ok
19:56:42.0668 5356 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:56:42.0668 5356 swenum - ok
19:56:42.0777 5356 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:56:42.0793 5356 SymEvent - ok
19:56:42.0871 5356 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
19:56:42.0871 5356 SynTP - ok
19:56:43.0027 5356 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
19:56:43.0089 5356 Tcpip - ok
19:56:43.0229 5356 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
19:56:43.0245 5356 TCPIP6 - ok
19:56:43.0339 5356 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:56:43.0339 5356 tcpipreg - ok
19:56:43.0417 5356 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:56:43.0417 5356 tdcmdpst - ok
19:56:43.0463 5356 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:56:43.0463 5356 TDPIPE - ok
19:56:43.0541 5356 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:56:43.0541 5356 TDTCP - ok
19:56:43.0635 5356 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:56:43.0635 5356 tdx - ok
19:56:43.0744 5356 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\windows\system32\DRIVERS\teefer2.sys
19:56:43.0744 5356 Teefer2 - ok
19:56:43.0791 5356 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:56:43.0791 5356 TermDD - ok
19:56:43.0916 5356 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
19:56:43.0931 5356 tos_sps64 - ok
19:56:44.0041 5356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:56:44.0041 5356 tssecsrv - ok
19:56:44.0150 5356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:56:44.0150 5356 TsUsbFlt - ok
19:56:44.0259 5356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:56:44.0259 5356 tunnel - ok
19:56:44.0353 5356 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:56:44.0353 5356 TVALZ - ok
19:56:44.0446 5356 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
19:56:44.0446 5356 TVALZFL - ok
19:56:44.0555 5356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:56:44.0555 5356 uagp35 - ok
19:56:44.0696 5356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:56:44.0711 5356 udfs - ok
19:56:44.0852 5356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:56:44.0852 5356 uliagpkx - ok
19:56:44.0945 5356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
19:56:44.0945 5356 umbus - ok
19:56:45.0039 5356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:56:45.0039 5356 UmPass - ok
19:56:45.0148 5356 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
19:56:45.0148 5356 usbaudio - ok
19:56:45.0257 5356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:56:45.0257 5356 usbccgp - ok
19:56:45.0335 5356 USBCCID - ok
19:56:45.0382 5356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:56:45.0382 5356 usbcir - ok
19:56:45.0460 5356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:56:45.0460 5356 usbehci - ok
19:56:45.0569 5356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:56:45.0569 5356 usbhub - ok
19:56:45.0647 5356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:56:45.0647 5356 usbohci - ok
19:56:45.0741 5356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:56:45.0741 5356 usbprint - ok
19:56:45.0835 5356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:56:45.0835 5356 USBSTOR - ok
19:56:45.0913 5356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
19:56:45.0913 5356 usbuhci - ok
19:56:46.0022 5356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
19:56:46.0022 5356 usbvideo - ok
19:56:46.0115 5356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:56:46.0115 5356 vdrvroot - ok
19:56:46.0225 5356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:56:46.0225 5356 vga - ok
19:56:46.0287 5356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:56:46.0287 5356 VgaSave - ok
19:56:46.0365 5356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:56:46.0365 5356 vhdmp - ok
19:56:46.0443 5356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:56:46.0443 5356 viaide - ok
19:56:46.0537 5356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:56:46.0537 5356 volmgr - ok
19:56:46.0646 5356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:56:46.0646 5356 volmgrx - ok
19:56:46.0739 5356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:56:46.0739 5356 volsnap - ok
19:56:46.0817 5356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:56:46.0817 5356 vsmraid - ok
19:56:46.0895 5356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:56:46.0895 5356 vwifibus - ok
19:56:46.0958 5356 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:56:46.0973 5356 vwififlt - ok
19:56:47.0051 5356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:56:47.0051 5356 WacomPen - ok
19:56:47.0161 5356 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:56:47.0161 5356 WANARP - ok
19:56:47.0176 5356 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:56:47.0176 5356 Wanarpv6 - ok
19:56:47.0254 5356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:56:47.0270 5356 Wd - ok
19:56:47.0348 5356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:56:47.0379 5356 Wdf01000 - ok
19:56:47.0488 5356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:56:47.0488 5356 WfpLwf - ok
19:56:47.0566 5356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:56:47.0566 5356 WIMMount - ok
19:56:47.0707 5356 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:56:47.0707 5356 WinUsb - ok
19:56:47.0800 5356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:56:47.0816 5356 WmiAcpi - ok
19:56:47.0941 5356 WPS (1d98e69903bc3a2d8383696dd701b679) C:\windows\system32\drivers\wpsdrvnt.sys
19:56:47.0941 5356 WPS - ok
19:56:48.0050 5356 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\windows\system32\drivers\WpsHelper.sys
19:56:48.0050 5356 WpsHelper - ok
19:56:48.0128 5356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:56:48.0128 5356 ws2ifsl - ok
19:56:48.0237 5356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:56:48.0237 5356 WudfPf - ok
19:56:48.0346 5356 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:56:48.0362 5356 WUDFRd - ok
19:56:48.0409 5356 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:56:48.0424 5356 \Device\Harddisk0\DR0 - ok
19:56:48.0440 5356 Boot (0x1200) (b6f22abbe65e2819615f50482349fc64) \Device\Harddisk0\DR0\Partition0
19:56:48.0440 5356 \Device\Harddisk0\DR0\Partition0 - ok
19:56:48.0440 5356 ============================================================
19:56:48.0440 5356 Scan finished
19:56:48.0440 5356 ============================================================
19:56:48.0455 0696 Detected object count: 0
19:56:48.0455 0696 Actual detected object count: 0
19:57:04.0789 4448 ============================================================
19:57:04.0789 4448 Scan started
19:57:04.0789 4448 Mode: Manual;
19:57:04.0789 4448 ============================================================
19:57:05.0241 4448 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:57:05.0257 4448 1394ohci - ok
19:57:05.0288 4448 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:57:05.0304 4448 ACPI - ok
19:57:05.0397 4448 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:57:05.0413 4448 AcpiPmi - ok
19:57:05.0460 4448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:57:05.0475 4448 adp94xx - ok
19:57:05.0569 4448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:57:05.0600 4448 adpahci - ok
19:57:05.0631 4448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:57:05.0647 4448 adpu320 - ok
19:57:05.0756 4448 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
19:57:05.0803 4448 AFD - ok
19:57:05.0896 4448 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
19:57:05.0928 4448 AgereSoftModem - ok
19:57:06.0021 4448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:57:06.0052 4448 agp440 - ok
19:57:06.0115 4448 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:57:06.0146 4448 aliide - ok
19:57:06.0177 4448 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:57:06.0193 4448 amdide - ok
19:57:06.0286 4448 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:57:06.0302 4448 AmdK8 - ok
19:57:06.0318 4448 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:57:06.0333 4448 AmdPPM - ok
19:57:06.0427 4448 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:57:06.0458 4448 amdsata - ok
19:57:06.0474 4448 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:57:06.0489 4448 amdsbs - ok
19:57:06.0567 4448 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:57:06.0598 4448 amdxata - ok
19:57:06.0630 4448 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:57:06.0645 4448 AppID - ok
19:57:06.0739 4448 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:57:06.0754 4448 arc - ok
19:57:06.0786 4448 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:57:06.0817 4448 arcsas - ok
19:57:06.0879 4448 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:57:06.0895 4448 AsyncMac - ok
19:57:06.0942 4448 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:57:06.0957 4448 atapi - ok
19:57:07.0035 4448 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:57:07.0082 4448 b06bdrv - ok
19:57:07.0160 4448 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:57:07.0191 4448 b57nd60a - ok
19:57:07.0222 4448 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:57:07.0222 4448 Beep - ok
19:57:07.0332 4448 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:57:07.0363 4448 blbdrive - ok
19:57:07.0394 4448 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:57:07.0410 4448 bowser - ok
19:57:07.0488 4448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:57:07.0519 4448 BrFiltLo - ok
19:57:07.0566 4448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:57:07.0597 4448 BrFiltUp - ok
19:57:07.0644 4448 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:57:07.0659 4448 Brserid - ok
19:57:07.0753 4448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:57:07.0784 4448 BrSerWdm - ok
19:57:07.0846 4448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:57:07.0862 4448 BrUsbMdm - ok
19:57:07.0956 4448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:57:07.0971 4448 BrUsbSer - ok
19:57:08.0049 4448 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:57:08.0065 4448 BTHMODEM - ok
19:57:08.0080 4448 catchme - ok
19:57:08.0158 4448 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:57:08.0190 4448 cdfs - ok
19:57:08.0268 4448 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
19:57:08.0299 4448 cdrom - ok
19:57:08.0361 4448 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:57:08.0377 4448 circlass - ok
19:57:08.0470 4448 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:57:08.0486 4448 CLFS - ok
19:57:08.0580 4448 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:57:08.0595 4448 CmBatt - ok
19:57:08.0642 4448 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:57:08.0658 4448 cmdide - ok
19:57:08.0751 4448 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
19:57:08.0767 4448 CNG - ok
19:57:08.0845 4448 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:57:08.0860 4448 Compbatt - ok
19:57:08.0907 4448 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
19:57:08.0923 4448 CompositeBus - ok
19:57:09.0032 4448 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:57:09.0032 4448 crcdisk - ok
19:57:09.0126 4448 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:57:09.0157 4448 DfsC - ok
19:57:09.0219 4448 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:57:09.0235 4448 discache - ok
19:57:09.0313 4448 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:57:09.0328 4448 Disk - ok
19:57:09.0422 4448 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:57:09.0438 4448 drmkaud - ok
19:57:09.0469 4448 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\windows\system32\DRIVERS\dsNcAdpt.sys
19:57:09.0484 4448 dsNcAdpt - ok
19:57:09.0594 4448 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:57:09.0625 4448 DXGKrnl - ok
19:57:09.0781 4448 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:57:09.0812 4448 ebdrv - ok
19:57:09.0921 4448 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:57:09.0937 4448 eeCtrl - ok
19:57:10.0062 4448 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:57:10.0077 4448 elxstor - ok
19:57:10.0171 4448 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:57:10.0186 4448 EraserUtilRebootDrv - ok
19:57:10.0264 4448 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:57:10.0280 4448 ErrDev - ok
19:57:10.0342 4448 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:57:10.0358 4448 exfat - ok
19:57:10.0452 4448 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:57:10.0483 4448 fastfat - ok
19:57:10.0576 4448 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:57:10.0592 4448 fdc - ok
19:57:10.0623 4448 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:57:10.0639 4448 FileInfo - ok
19:57:10.0717 4448 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:57:10.0732 4448 Filetrace - ok
19:57:10.0795 4448 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:57:10.0826 4448 flpydisk - ok
19:57:10.0888 4448 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:57:10.0904 4448 FltMgr - ok
19:57:10.0998 4448 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:57:11.0013 4448 FsDepends - ok
19:57:11.0091 4448 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
19:57:11.0122 4448 fssfltr - ok
19:57:11.0200 4448 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:57:11.0216 4448 Fs_Rec - ok
19:57:11.0294 4448 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:57:11.0325 4448 fvevol - ok
19:57:11.0403 4448 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:57:11.0434 4448 gagp30kx - ok
19:57:11.0528 4448 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:57:11.0559 4448 hcw85cir - ok
19:57:11.0668 4448 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:57:11.0684 4448 HdAudAddService - ok
19:57:11.0731 4448 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:57:11.0746 4448 HDAudBus - ok
19:57:11.0840 4448 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:57:11.0856 4448 HidBatt - ok
19:57:11.0902 4448 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:57:11.0918 4448 HidBth - ok
19:57:11.0996 4448 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:57:12.0012 4448 HidIr - ok
19:57:12.0090 4448 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:57:12.0121 4448 HidUsb - ok
19:57:12.0152 4448 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:57:12.0168 4448 HpSAMD - ok
19:57:12.0261 4448 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:57:12.0308 4448 HTTP - ok
19:57:12.0339 4448 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:57:12.0355 4448 hwpolicy - ok
19:57:12.0448 4448 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:57:12.0464 4448 i8042prt - ok
19:57:12.0511 4448 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys
19:57:12.0542 4448 iaStor - ok
19:57:12.0636 4448 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:57:12.0667 4448 iaStorV - ok
19:57:12.0916 4448 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
19:57:12.0963 4448 igfx - ok
19:57:13.0057 4448 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:57:13.0088 4448 iirsp - ok
19:57:13.0213 4448 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
19:57:13.0260 4448 IntcAzAudAddService - ok
19:57:13.0353 4448 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\windows\system32\drivers\IntcHdmi.sys
19:57:13.0384 4448 IntcHdmiAddService - ok
19:57:13.0478 4448 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:57:13.0494 4448 intelide - ok
19:57:13.0525 4448 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:57:13.0540 4448 intelppm - ok
19:57:13.0634 4448 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:57:13.0665 4448 IpFilterDriver - ok
19:57:13.0774 4448 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:57:13.0806 4448 IPMIDRV - ok
19:57:13.0837 4448 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:57:13.0868 4448 IPNAT - ok
19:57:13.0946 4448 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:57:13.0977 4448 IRENUM - ok
19:57:14.0055 4448 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:57:14.0086 4448 isapnp - ok
19:57:14.0118 4448 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:57:14.0133 4448 iScsiPrt - ok
19:57:14.0227 4448 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:57:14.0258 4448 kbdclass - ok
19:57:14.0352 4448 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:57:14.0367 4448 kbdhid - ok
19:57:14.0430 4448 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
19:57:14.0430 4448 KSecDD - ok
19:57:14.0539 4448 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
19:57:14.0570 4448 KSecPkg - ok
19:57:14.0648 4448 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:57:14.0679 4448 ksthunk - ok
19:57:14.0788 4448 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:57:14.0820 4448 lltdio - ok
19:57:14.0898 4448 LPCFilter (16679269303613c4ce7c8ff03413410f) C:\windows\system32\DRIVERS\LPCFilter.sys
19:57:14.0929 4448 LPCFilter - ok
19:57:14.0960 4448 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:57:14.0991 4448 LSI_FC - ok
19:57:15.0085 4448 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:57:15.0116 4448 LSI_SAS - ok
19:57:15.0194 4448 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:57:15.0225 4448 LSI_SAS2 - ok
19:57:15.0272 4448 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:57:15.0288 4448 LSI_SCSI - ok
19:57:15.0366 4448 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:57:15.0397 4448 luafv - ok
19:57:15.0444 4448 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:57:15.0459 4448 megasas - ok
19:57:15.0537 4448 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:57:15.0553 4448 MegaSR - ok
19:57:15.0646 4448 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:57:15.0662 4448 Modem - ok
19:57:15.0756 4448 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:57:15.0771 4448 monitor - ok
19:57:15.0865 4448 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:57:15.0896 4448 mouclass - ok
19:57:15.0974 4448 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:57:15.0990 4448 mouhid - ok
19:57:16.0083 4448 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:57:16.0114 4448 mountmgr - ok
19:57:16.0161 4448 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:57:16.0177 4448 mpio - ok
19:57:16.0255 4448 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:57:16.0286 4448 mpsdrv - ok
19:57:16.0364 4448 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:57:16.0395 4448 MRxDAV - ok
19:57:16.0473 4448 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:57:16.0504 4448 mrxsmb - ok
19:57:16.0551 4448 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:57:16.0582 4448 mrxsmb10 - ok
19:57:16.0660 4448 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:57:16.0692 4448 mrxsmb20 - ok
19:57:16.0738 4448 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:57:16.0754 4448 msahci - ok
19:57:16.0832 4448 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:57:16.0863 4448 msdsm - ok
19:57:16.0926 4448 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:57:16.0941 4448 Msfs - ok
19:57:17.0019 4448 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:57:17.0035 4448 mshidkmdf - ok
19:57:17.0128 4448 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:57:17.0144 4448 msisadrv - ok
19:57:17.0191 4448 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:57:17.0191 4448 MSKSSRV - ok
19:57:17.0269 4448 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:57:17.0284 4448 MSPCLOCK - ok
19:57:17.0316 4448 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:57:17.0331 4448 MSPQM - ok
19:57:17.0425 4448 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:57:17.0440 4448 MsRPC - ok
19:57:17.0518 4448 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:57:17.0550 4448 mssmbios - ok
19:57:17.0581 4448 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:57:17.0596 4448 MSTEE - ok
19:57:17.0674 4448 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:57:17.0674 4448 MTConfig - ok
19:57:17.0721 4448 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:57:17.0737 4448 Mup - ok
19:57:17.0830 4448 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:57:17.0862 4448 NativeWifiP - ok
19:57:17.0986 4448 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111002.004\ENG64.SYS
19:57:18.0018 4448 NAVENG - ok
19:57:18.0220 4448 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111002.004\EX64.SYS
19:57:18.0252 4448 NAVEX15 - ok
19:57:18.0376 4448 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:57:18.0423 4448 NDIS - ok
19:57:18.0501 4448 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:57:18.0517 4448 NdisCap - ok
19:57:18.0610 4448 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:57:18.0642 4448 NdisTapi - ok
19:57:18.0704 4448 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:57:18.0720 4448 Ndisuio - ok
19:57:18.0798 4448 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:57:18.0829 4448 NdisWan - ok
19:57:18.0907 4448 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:57:18.0938 4448 NDProxy - ok
19:57:19.0016 4448 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:57:19.0047 4448 NetBIOS - ok
19:57:19.0156 4448 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:57:19.0172 4448 NetBT - ok
19:57:19.0266 4448 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:57:19.0297 4448 nfrd960 - ok
19:57:19.0390 4448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:57:19.0422 4448 Npfs - ok
19:57:19.0500 4448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:57:19.0531 4448 nsiproxy - ok
19:57:19.0656 4448 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:57:19.0687 4448 Ntfs - ok
19:57:19.0780 4448 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:57:19.0796 4448 Null - ok
19:57:19.0874 4448 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:57:19.0905 4448 nvraid - ok
19:57:19.0999 4448 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:57:20.0014 4448 nvstor - ok
19:57:20.0108 4448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:57:20.0139 4448 nv_agp - ok
19:57:20.0233 4448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:57:20.0248 4448 ohci1394 - ok
19:57:20.0311 4448 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:57:20.0326 4448 Parport - ok
19:57:20.0420 4448 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
19:57:20.0451 4448 partmgr - ok
19:57:20.0545 4448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:57:20.0560 4448 pci - ok
19:57:20.0592 4448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:57:20.0607 4448 pciide - ok
19:57:20.0701 4448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:57:20.0716 4448 pcmcia - ok
19:57:20.0810 4448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:57:20.0826 4448 pcw - ok
19:57:20.0935 4448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:57:20.0950 4448 PEAUTH - ok
19:57:21.0044 4448 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:57:21.0075 4448 PGEffect - ok
19:57:21.0184 4448 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
19:57:21.0200 4448 Point64 - ok
19:57:21.0294 4448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:57:21.0309 4448 PptpMiniport - ok
19:57:21.0387 4448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:57:21.0418 4448 Processor - ok
19:57:21.0528 4448 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:57:21.0543 4448 Psched - ok
19:57:21.0652 4448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:57:21.0699 4448 ql2300 - ok
19:57:21.0793 4448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:57:21.0824 4448 ql40xx - ok
19:57:21.0902 4448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:57:21.0933 4448 QWAVEdrv - ok
19:57:22.0011 4448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:57:22.0042 4448 RasAcd - ok
19:57:22.0120 4448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:57:22.0136 4448 RasAgileVpn - ok
19:57:22.0245 4448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:57:22.0276 4448 Rasl2tp - ok
19:57:22.0354 4448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:57:22.0386 4448 RasPppoe - ok
19:57:22.0479 4448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:57:22.0510 4448 RasSstp - ok
19:57:22.0573 4448 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:57:22.0604 4448 rdbss - ok
19:57:22.0698 4448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:57:22.0713 4448 rdpbus - ok
19:57:22.0791 4448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:57:22.0822 4448 RDPCDD - ok
19:57:22.0869 4448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:57:22.0885 4448 RDPENCDD - ok
19:57:22.0963 4448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:57:22.0978 4448 RDPREFMP - ok
19:57:23.0056 4448 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
19:57:23.0088 4448 RDPWD - ok
19:57:23.0197 4448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:57:23.0228 4448 rdyboost - ok
19:57:23.0322 4448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:57:23.0353 4448 rspndr - ok
19:57:23.0415 4448 RSUSBSTOR - ok
19:57:23.0446 4448 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
19:57:23.0493 4448 RTL8167 - ok
19:57:23.0602 4448 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
19:57:23.0634 4448 rtl8192se - ok
19:57:23.0649 4448 RtsUIR - ok
19:57:23.0696 4448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:57:23.0712 4448 sbp2port - ok
19:57:23.0805 4448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:57:23.0836 4448 scfilter - ok
19:57:23.0868 4448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:57:23.0883 4448 secdrv - ok
19:57:23.0992 4448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:57:24.0008 4448 Serenum - ok
19:57:24.0070 4448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:57:24.0117 4448 Serial - ok
19:57:24.0180 4448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:57:24.0180 4448 sermouse - ok
19:57:24.0273 4448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:57:24.0304 4448 sffdisk - ok
19:57:24.0367 4448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:57:24.0382 4448 sffp_mmc - ok
19:57:24.0414 4448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:57:24.0429 4448 sffp_sd - ok
19:57:24.0507 4448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:57:24.0538 4448 sfloppy - ok
19:57:24.0616 4448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:57:24.0632 4448 SiSRaid2 - ok
19:57:24.0710 4448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:57:24.0741 4448 SiSRaid4 - ok
19:57:24.0772 4448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:57:24.0788 4448 Smb - ok
19:57:24.0882 4448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:57:24.0913 4448 spldr - ok
19:57:25.0006 4448 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\windows\system32\Drivers\SRTSP64.SYS
19:57:25.0022 4448 SRTSP - ok
19:57:25.0116 4448 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\windows\system32\Drivers\SRTSPL64.SYS
19:57:25.0162 4448 SRTSPL - ok
19:57:25.0240 4448 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\windows\system32\Drivers\SRTSPX64.SYS
19:57:25.0272 4448 SRTSPX - ok
19:57:25.0365 4448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:57:25.0396 4448 srv - ok
19:57:25.0490 4448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:57:25.0537 4448 srv2 - ok
19:57:25.0630 4448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:57:25.0646 4448 srvnet - ok
19:57:25.0740 4448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:57:25.0755 4448 stexstor - ok
19:57:25.0849 4448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:57:25.0864 4448 swenum - ok
19:57:25.0974 4448 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:57:25.0989 4448 SymEvent - ok
19:57:26.0067 4448 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
19:57:26.0114 4448 SynTP - ok
19:57:26.0208 4448 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
19:57:26.0239 4448 Tcpip - ok
19:57:26.0364 4448 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
19:57:26.0379 4448 TCPIP6 - ok
19:57:26.0488 4448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:57:26.0504 4448 tcpipreg - ok
19:57:26.0582 4448 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:57:26.0613 4448 tdcmdpst - ok
19:57:26.0691 4448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:57:26.0707 4448 TDPIPE - ok
19:57:26.0800 4448 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:57:26.0832 4448 TDTCP - ok
19:57:26.0925 4448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:57:26.0956 4448 tdx - ok
19:57:27.0034 4448 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\windows\system32\DRIVERS\teefer2.sys
19:57:27.0050 4448 Teefer2 - ok
19:57:27.0097 4448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:57:27.0112 4448 TermDD - ok
19:57:27.0222 4448 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
19:57:27.0253 4448 tos_sps64 - ok
19:57:27.0362 4448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:57:27.0378 4448 tssecsrv - ok
19:57:27.0456 4448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:57:27.0487 4448 TsUsbFlt - ok
19:57:27.0580 4448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:57:27.0612 4448 tunnel - ok
19:57:27.0705 4448 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:57:27.0736 4448 TVALZ - ok
19:57:27.0830 4448 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
19:57:27.0846 4448 TVALZFL - ok
19:57:27.0861 4448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:57:27.0892 4448 uagp35 - ok
19:57:27.0986 4448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:57:28.0017 4448 udfs - ok
19:57:28.0111 4448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:57:28.0126 4448 uliagpkx - ok
19:57:28.0173 4448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
19:57:28.0189 4448 umbus - ok
19:57:28.0267 4448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:57:28.0298 4448 UmPass - ok
19:57:28.0376 4448 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
19:57:28.0407 4448 usbaudio - ok
19:57:28.0516 4448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:57:28.0563 4448 usbccgp - ok
19:57:28.0626 4448 USBCCID - ok
19:57:28.0672 4448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:57:28.0719 4448 usbcir - ok
19:57:28.0797 4448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:57:28.0828 4448 usbehci - ok
19:57:28.0875 4448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:57:28.0906 4448 usbhub - ok
19:57:28.0984 4448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:57:29.0016 4448 usbohci - ok
19:57:29.0031 4448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:57:29.0062 4448 usbprint - ok
19:57:29.0156 4448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:57:29.0187 4448 USBSTOR - ok
19:57:29.0234 4448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
19:57:29.0265 4448 usbuhci - ok
19:57:29.0328 4448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
19:57:29.0359 4448 usbvideo - ok
19:57:29.0452 4448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:57:29.0468 4448 vdrvroot - ok
19:57:29.0530 4448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:57:29.0562 4448 vga - ok
19:57:29.0640 4448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:57:29.0671 4448 VgaSave - ok
19:57:29.0764 4448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:57:29.0796 4448 vhdmp - ok
19:57:29.0842 4448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:57:29.0858 4448 viaide - ok
19:57:29.0920 4448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:57:29.0952 4448 volmgr - ok
19:57:30.0030 4448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:57:30.0076 4448 volmgrx - ok
19:57:30.0123 4448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:57:30.0139 4448 volsnap - ok
19:57:30.0232 4448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:57:30.0279 4448 vsmraid - ok
19:57:30.0373 4448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:57:30.0404 4448 vwifibus - ok
19:57:30.0482 4448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:57:30.0498 4448 vwififlt - ok
19:57:30.0591 4448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:57:30.0622 4448 WacomPen - ok
19:57:30.0716 4448 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:57:30.0732 4448 WANARP - ok
19:57:30.0747 4448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:57:30.0747 4448 Wanarpv6 - ok
19:57:30.0841 4448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:57:30.0872 4448 Wd - ok
19:57:30.0950 4448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:57:30.0997 4448 Wdf01000 - ok
19:57:31.0090 4448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:57:31.0122 4448 WfpLwf - ok
19:57:31.0215 4448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:57:31.0231 4448 WIMMount - ok
19:57:31.0356 4448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:57:31.0387 4448 WinUsb - ok
19:57:31.0465 4448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:57:31.0480 4448 WmiAcpi - ok
19:57:31.0527 4448 WPS (1d98e69903bc3a2d8383696dd701b679) C:\windows\system32\drivers\wpsdrvnt.sys
19:57:31.0543 4448 WPS - ok
19:57:31.0636 4448 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\windows\system32\drivers\WpsHelper.sys
19:57:31.0636 4448 WpsHelper - ok
19:57:31.0730 4448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:57:31.0761 4448 ws2ifsl - ok
19:57:31.0870 4448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:57:31.0886 4448 WudfPf - ok
19:57:31.0980 4448 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:57:31.0995 4448 WUDFRd - ok
19:57:32.0026 4448 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:57:32.0042 4448 \Device\Harddisk0\DR0 - ok
19:57:32.0058 4448 Boot (0x1200) (b6f22abbe65e2819615f50482349fc64) \Device\Harddisk0\DR0\Partition0
19:57:32.0058 4448 \Device\Harddisk0\DR0\Partition0 - ok
19:57:32.0058 4448 ============================================================
19:57:32.0058 4448 Scan finished
19:57:32.0058 4448 ============================================================
19:57:32.0073 3176 Detected object count: 0
19:57:32.0073 3176 Actual detected object count: 0
19:57:46.0893 2788 Deinitialize success




C:\Users\Arunan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3d8ceed5-53734345 Java/Agent.DJ trojan
C:\Users\Arunan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5289c71d-6450a93e a variant of Java/Agent.DM trojan
C:\Users\Arunan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\703d8d64-1cb66269 Java/Agent.DJ trojan

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:27 PM

Posted 03 October 2011 - 09:08 PM

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and save it to your desktop.
  • Scroll down to where it says JDK 7 (JDK or JRE)
  • Click the Download JDK button tunderneath
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Oracle Binary Code License Agreement for Java SE ". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 04 October 2011 - 09:33 PM

Hi Catbyte

So i did the adobe and java updates but i am still getting norton logger fluding. also i cldn't open DDS scanner after i downloaded the script. after windows gives the warning "Are u sure u want to run this file" the screen freezes and the DDS do not open

Also i tried to upload a print screen of the norton logger but the pic was too large to be uploaded

Thank you for you time and i am afraid i need more of ur time

Arunan

#13 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 04 October 2011 - 09:38 PM

Okay... finally able to reduce the size by changing the pic format



here is the Norton logger Attached File  NORTON_LOGGER.png   232.42KB   2 downloads

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:27 PM

Posted 05 October 2011 - 01:08 AM

That is a glitch with Norton itself

http://www.symantec.com/connect/blogs/ru6-mp1-its-coming

update Norton, they should have fixed that


run the following:

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.



Let me know if you are still having any issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 arunan

arunan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 07 October 2011 - 06:51 PM

Hi CatByte



So i ran the TFC and it cleared all of the temp folders. I tried to uninstall norton and it froze halfway. i rebooted the computer and now norton is not showing on the add/remove programs section but it is still running on my computer.

do you know how to uninstall it


as far as the computer being slow, now it is at good speed. I would like to thank you on that


Arunan




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users