
C:\windows\svchost trojans


This topic is locked
22 replies to this topic

#1 Edmorf

  • Members
  • 30 posts
  • Gender:Male
  • Location:Tampa, Fl

Posted 20 January 2012 - 06:20 PM

Hi everyone. This is my first post here, although I have frequently used the BleepingComputer site to fix my laptop.
I was kind of annoyed this whole week, because my Symantec Endpoint was telling me that a malicious tool website 9 was being constantly blocked. When running Malwarebytes, I would often get 2 trojan agents (located in C:\windows\svchost.exe), and after the reboot nothing would change at all.
I found through Google that a similar problem was happening (here), so I contacted the mod who helped the previous user, and hence I am here.
Since then I just went and ran ComboFix. I did this two times (trying to get rid of my active antispyware and antiviruses); the logs from ComboFix are shown below:

ComboFix 12-01-19.02 - Eduardo 01/20/2012 17:01:51.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2679 [GMT -5:00]

Running from: E:\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))

.

.

2012-01-20 22:10 . 2012-01-20 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-20 22:10 . 2012-01-20 22:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-01-20 19:24 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2012-01-17 20:07 . 2012-01-17 20:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-01-13 17:41 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2012-01-13 17:41 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2012-01-13 17:41 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-01-13 17:41 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-01-12 17:37 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-01-12 17:37 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-01-12 17:37 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-01-12 17:37 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-01-12 17:37 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-01-12 17:37 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-01-12 17:37 . 2012-01-12 17:37 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-01-12 17:37 . 2012-01-12 17:37 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-01-12 17:37 . 2012-01-12 17:37 -------- d-----w- c:\program files\SAS

2012-01-12 17:34 . 2012-01-12 17:34 -------- d-----w- c:\program files (x86)\SAS Institute Inc

2012-01-12 17:31 . 2012-01-12 17:31 -------- d-----w- c:\program files (x86)\SAS

2012-01-12 17:26 . 2012-01-12 17:27 -------- d-----w- C:\JMP9Trial_Install

2012-01-11 04:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 04:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 04:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 04:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 04:19 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 04:19 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 04:19 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 04:19 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\LEGO Software

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\National Instruments

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\IVI Foundation

2011-12-25 06:17 . 2011-12-25 06:18 -------- d-----w- c:\programdata\National Instruments

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2011-02-12 20:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 07:29 . 2011-11-25 07:29 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-14 23:18 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-16 14:58 . 2011-05-18 14:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41 . 2011-12-14 23:19 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 23:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 23:18 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 23:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 23:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 23:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 23:20 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-20_21.35.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-01-20 21:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-20 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-20 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-09 06:38 . 2012-01-20 22:13 60286 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-20 22:13 48012 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-12 18:41 . 2012-01-20 21:40 22944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4024464562-1882195670-198379199-1001_UserData.bin

+ 2011-02-12 18:41 . 2012-01-20 22:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2012-01-20 21:46 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-02-12 18:41 . 2012-01-20 22:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-12 18:41 . 2012-01-20 22:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 15:11 . 2012-01-20 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 15:11 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 15:11 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 15:11 . 2012-01-20 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-01-20 21:07 . 2012-01-20 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-20 22:11 . 2012-01-20 22:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-20 22:11 . 2012-01-20 22:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-20 21:07 . 2012-01-20 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-04-17 18:37 . 2012-01-20 21:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-04-17 18:37 . 2012-01-20 21:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-01-20 22:11 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 05:01 . 2012-01-20 21:05 495712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-20 22:10 495712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-09 06:54 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-09 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-15 5486464]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-26 115560]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

c:\users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 135664]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 138360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 135664]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-09 332272]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-12-09 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;c:\program files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [2011-08-02 267488]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:43]

.

2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:43]

.

2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024464562-1882195670-198379199-1001Core.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 18:43]

.

2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024464562-1882195670-198379199-1001UA.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 18:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-09 06:54 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-20 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-20 896032]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:61737

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 131.247.1.1 131.247.1.2

FF - ProfilePath - c:\users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\opgenzu9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4024464562-1882195670-198379199-1001\Software\SecuROM\License information*]

"datasecu"=hex:ed,87,1a,f0,54,fd,ec,60,19,1a,75,ce,2d,1d,f6,3a,5d,28,7b,eb,a2,

c6,17,26,c8,c6,51,95,aa,bc,48,d7,2d,46,6d,4b,7a,ff,90,21,e1,e8,ea,11,0d,7c,\

"rkeysecu"=hex:10,2f,eb,60,32,99,7f,6d,ee,fe,c7,73,8d,52,75,a1

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atibtmon.exe

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-01-20 17:23:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-20 22:23

ComboFix2.txt 2012-01-20 21:47

.

Pre-Run: 72,873,193,472 bytes free

Post-Run: 72,632,745,984 bytes free

.

- - End Of File - - 390327AC5B76E11BDE36E0978571E94F


Since then, my computer has been running better, and I am now getting rid of the tracking cookies using SUPERAntiSpyware... Still, I don't know if I am totally safe or what.
Appreciate your help.


#2 Edmorf
  • Topic Starter

  • Members
  • 30 posts
  • Gender:Male
  • Location:Tampa, Fl

Posted 20 January 2012 - 06:58 PM

Updating...

I got rid of the tracking cookies, and later did a fast scan using Malwarebytes... The trojan agents are still in there.

This is what Malwarebytes says:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eduardo :: TOSHI-MOROSHI [administrator]

1/20/2012 6:46:22 PM
mbam-log-2012-01-20 (18-46-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193811
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3468 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
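Both scanner outputs in this thread (the Malwarebytes detection of C:\Windows\svchost.exe above, and the ComboFix process list in the first post, where the same file shows up as c:\\.\globalroot\systemroot\svchost.exe) point at the first thing a responder checks for a svchost.exe hit: the genuine service host is only launched from System32 and SysWOW64. The script below is an added example, not code from this thread or from ComboFix or Malwarebytes; it normalises the path spellings seen in these logs and reports any svchost.exe outside those two directories, run over a constructed process list, and assumes the system drive is C: when it expands the globalroot form.

```python
r"""Flag svchost.exe instances that run from outside the Windows system directories.

Added example for this thread, not code from ComboFix or Malwarebytes. The process
list below is constructed from the paths shown in the logs; the script assumes the
system drive is C: when it expands \\.\globalroot\systemroot paths.
"""
import ntpath
import re

# Directory suffixes from which the genuine Windows service host is launched.
# Anything named svchost.exe anywhere else is a masquerade candidate; the thread's
# logs show one in C:\Windows, one level above System32.
LEGIT_SVCHOST_DIR_SUFFIXES = ("\\windows\\system32", "\\windows\\syswow64")

# ComboFix prints some processes by their NT device path, e.g.
# "\\.\globalroot\systemroot\svchost.exe", sometimes with a stray drive letter in
# front ("c:\\.\globalroot\..."). This pattern strips that prefix.
GLOBALROOT_PREFIX = re.compile(r"^(?:[a-z]:)?\\\\\.\\globalroot", re.IGNORECASE)

# A process line is "<image path ending in .exe>" optionally followed by arguments.
PROCESS_LINE = re.compile(r"^\s*(.*?\.exe)(?:\s+(.*?))?\s*$", re.IGNORECASE)

# Constructed sample, modelled on the "Running Processes" / "Other Running
# Processes" sections of the DDS and ComboFix logs in this thread.
SAMPLE_PROCESS_LIST = r"""
C:\windows\system32\wininit.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\SysWOW64\svchost.exe -k LocalServiceNetworkRestricted
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\svchost.exe
c:\\.\globalroot\systemroot\svchost.exe
\\.\globalroot\systemroot\system32\svchost.exe -k netsvcs
"""


def parse_process_line(line):
    """Split one listing line into (image path, argument string).

    Returns None for lines that contain no .exe path, so section headers and
    "(No malicious items detected)" style lines are skipped.
    """
    match = PROCESS_LINE.match(line)
    if not match:
        return None
    return match.group(1), (match.group(2) or "")


def normalise_path(raw):
    r"""Reduce the path spellings seen in the logs to one lowercase drive path.

    "\\.\globalroot\systemroot\X" and "c:\\.\globalroot\systemroot\X" both
    become "c:\windows\X" (system drive C: is an assumption of this example).
    """
    path = GLOBALROOT_PREFIX.sub("", raw.strip().lower(), count=1)
    if path.startswith("\\systemroot\\"):
        path = "c:\\windows" + path[len("\\systemroot"):]
    return path


def svchost_findings(process_listing):
    """Return (original line, normalised path, reason) for each suspicious svchost.exe.

    The single rule is the one a responder applies first: the real service host
    lives in System32 or SysWOW64, so a svchost.exe anywhere else is reported.
    """
    findings = []
    for line in process_listing.splitlines():
        parsed = parse_process_line(line)
        if parsed is None:
            continue
        image, _args = parsed
        path = normalise_path(image)
        directory, name = ntpath.split(path)
        if name != "svchost.exe":
            continue
        if not directory.endswith(LEGIT_SVCHOST_DIR_SUFFIXES):
            findings.append((line.strip(), path,
                             "svchost.exe outside System32/SysWOW64"))
    return findings


if __name__ == "__main__":
    for raw, path, reason in svchost_findings(SAMPLE_PROCESS_LIST):
        print(f"SUSPECT  {path:<32} {reason}   <- {raw}")
```

On the constructed list the two C:\Windows entries are reported while the System32, SysWOW64 and globalroot\systemroot\system32 instances pass, which is the same split the scanners in this thread produced.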



#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 January 2012 - 01:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Edmorf (Topic Starter)

  • Members
  • 30 posts
  • Gender: Male
  • Location: Tampa, Fl
  • Local time: 09:03 AM

Posted 22 January 2012 - 04:03 PM

Hi Gringo, thanks for your reply.
This is what I did.
1. I downloaded DeFogger, which disabled my virtual drives.
2. I downloaded DDS and ran it; here is the log:


DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Eduardo at 15:52:19 on 2012-01-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1910 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\windows\system32\ThpSrv.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe

C:\windows\system32\SearchIndexer.exe

-netsvcs

C:\windows\system32\conhost.exe

C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\windows\system32\atibtmon.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:61737

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

StartupFolder: C:\Users\Eduardo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: Interfaces\{FD418FF9-9AED-4DA5-869B-C8C44D033AA9}\0516E6562716 : DhcpNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{FD418FF9-9AED-4DA5-869B-C8C44D033AA9}\2656C6B696E6E233833366 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{FD418FF9-9AED-4DA5-869B-C8C44D033AA9}\C696E6B6379737 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FD418FF9-9AED-4DA5-869B-C8C44D033AA9}\E4568757370245F6775627 : DhcpNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\opgenzu9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=

FF - prefs.js: network.proxy.type - 4

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-9-28 328536]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-2-12 135608]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-12-9 126392]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-5-26 2477304]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [2011-8-2 267488]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-12 135664]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-16 138360]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-12 135664]

S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-9 332272]

S3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-2-12 51512]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-20 22:12:26 -------- d-sh--w- C:\$RECYCLE.BIN

2012-01-20 21:20:28 98816 ----a-w- C:\windows\sed.exe

2012-01-20 21:20:28 518144 ----a-w- C:\windows\SWREG.exe

2012-01-20 21:20:28 256000 ----a-w- C:\windows\PEV.exe

2012-01-20 21:20:28 208896 ----a-w- C:\windows\MBR.exe

2012-01-20 19:24:36 20480 ----a-w- C:\windows\svchost.exe

2012-01-17 20:07:27 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-01-13 18:07:54 -------- d-----w- C:\Users\Eduardo\AppData\Local\{ADD90167-6128-454A-94B3-B42D493C8D96}

2012-01-13 18:07:46 -------- d-----w- C:\Users\Eduardo\AppData\Local\{D30CA9B0-4FCA-46DE-895A-62C0639583EB}

2012-01-13 17:41:48 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll

2012-01-13 17:41:48 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll

2012-01-13 17:41:39 523088 ----a-w- C:\windows\System32\d3dx10_42.dll

2012-01-13 17:41:39 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll

2012-01-13 17:01:35 -------- d-----w- C:\Users\Eduardo\AppData\Local\{8ECA34F5-EB57-4ACA-8DE9-3A3F71A2E9B2}

2012-01-13 17:01:17 -------- d-----w- C:\Users\Eduardo\AppData\Local\{5E10BA76-B2DB-4FCB-A001-CAF262F35934}

2012-01-13 14:34:02 -------- d-----w- C:\Users\Eduardo\AppData\Local\{8C9EBC1F-1FDD-44E3-ADB6-5C80517F0AF8}

2012-01-12 17:37:47 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-01-12 17:37:43 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-01-12 17:37:40 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-01-12 17:37:36 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-01-12 17:37:33 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-01-12 17:37:32 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-01-12 17:37:31 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-01-12 17:37:26 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-01-12 17:37:15 -------- d-----w- C:\Program Files\SAS

2012-01-12 17:34:46 -------- d-----w- C:\Program Files (x86)\SAS Institute Inc

2012-01-12 17:31:06 -------- d-----w- C:\Program Files (x86)\SAS

2012-01-12 17:26:00 -------- d-----w- C:\JMP9Trial_Install

2012-01-12 13:27:44 -------- d-----w- C:\Users\Eduardo\AppData\Local\{C2A4B778-A902-4A0A-A51E-E0802315CB57}

2012-01-12 13:27:35 -------- d-----w- C:\Users\Eduardo\AppData\Local\{28148F0A-00C8-4D90-8A61-6A4F4FDE0D04}

2012-01-11 17:36:57 -------- d-----w- C:\Users\Eduardo\AppData\Local\{8682B560-E4B5-4EFB-A1AD-6D2793F0437D}

2012-01-11 16:53:32 -------- d-----w- C:\Users\Eduardo\AppData\Local\{ED463801-B8EB-4E6B-83DC-B8D84DF822C2}

2012-01-11 04:20:42 77312 ----a-w- C:\windows\System32\packager.dll

2012-01-11 04:20:42 67072 ----a-w- C:\windows\SysWow64\packager.dll

2012-01-11 04:20:29 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll

2012-01-11 04:20:28 1731920 ----a-w- C:\windows\System32\ntdll.dll

2012-01-11 04:19:21 514560 ----a-w- C:\windows\SysWow64\qdvd.dll

2012-01-11 04:19:21 1572864 ----a-w- C:\windows\System32\quartz.dll

2012-01-11 04:19:21 1328128 ----a-w- C:\windows\SysWow64\quartz.dll

2012-01-11 04:19:20 366592 ----a-w- C:\windows\System32\qdvd.dll

2012-01-11 04:04:12 -------- d-----w- C:\Users\Eduardo\AppData\Local\{F0BA11B5-49BD-48C1-9D97-4E4CFCFCDEE7}

2012-01-11 04:04:04 -------- d-----w- C:\Users\Eduardo\AppData\Local\{01104951-D9F3-4C25-BAE3-5B6A4D555CEF}

2012-01-10 18:02:08 -------- d-----w- C:\Users\Eduardo\AppData\Local\{690C566D-63EB-4843-B370-1EA3F3B39B6A}

2012-01-10 06:01:28 -------- d-----w- C:\Users\Eduardo\AppData\Local\{F2F5575B-A16D-493A-8410-8E84A50A27B3}

2012-01-10 06:00:53 -------- d-----w- C:\Users\Eduardo\AppData\Local\{3EBE9628-F1DA-4BD7-96B0-C802AC172DE7}

2012-01-08 14:47:32 -------- d-----w- C:\Users\Eduardo\AppData\Local\{2CE01576-4F1F-4DB8-991C-82754DFD57D5}

2012-01-07 17:19:47 -------- d-----w- C:\Users\Eduardo\AppData\Local\{6EDA86F5-E4F5-45B3-BFFF-616270E62D8E}

2012-01-07 17:19:24 -------- d-----w- C:\Users\Eduardo\AppData\Local\{786D2AB4-1614-4031-BF6D-FB95AAD52D66}

2012-01-06 15:38:25 -------- d-----w- C:\Users\Eduardo\AppData\Local\{F5FAD509-43F1-4D0D-8FCA-A6B9B6525C37}

2012-01-06 15:38:12 -------- d-----w- C:\Users\Eduardo\AppData\Local\{473BD883-6B81-4E72-94DA-FD7CA5B029AC}

2012-01-06 02:04:13 -------- d-----w- C:\Users\Eduardo\AppData\Local\{D43CC5CE-C670-484F-A1BD-36AED9CB7F0C}

2012-01-06 02:04:04 -------- d-----w- C:\Users\Eduardo\AppData\Local\{72EE2745-4D38-440C-AFC6-B4381330A869}

2012-01-02 03:20:32 -------- d-----w- C:\Users\Eduardo\AppData\Local\{F0AEC8C3-EC3C-4A0A-9D57-5420831FAA17}

2012-01-01 15:19:57 -------- d-----w- C:\Users\Eduardo\AppData\Local\{71F916BF-A8DA-4B6E-B441-013A392E4917}

2012-01-01 15:19:47 -------- d-----w- C:\Users\Eduardo\AppData\Local\{C427A2A2-8EAF-4D8D-A4F6-0291F9AE85FD}

2011-12-27 18:22:28 -------- d-----w- C:\Users\Eduardo\AppData\Local\{0ACD8A96-A552-4E54-B323-6BFAF9C4B7EE}

2011-12-27 18:18:54 -------- d-----w- C:\Users\Eduardo\AppData\Local\{05C1CF1D-0999-4932-8F7B-8DD2F43EBB1A}

2011-12-25 06:18:31 -------- d-----w- C:\Program Files (x86)\LEGO Software

2011-12-25 06:18:08 -------- d-----w- C:\Program Files (x86)\National Instruments

2011-12-25 06:18:07 -------- d-----w- C:\Program Files (x86)\IVI Foundation

2011-12-25 06:17:07 -------- d-----w- C:\ProgramData\National Instruments

2011-12-25 06:12:59 -------- d-----w- C:\Users\Eduardo\AppData\Local\{8616CDA5-DD9F-4CC9-834A-AA34312A429B}

2011-12-24 02:57:28 -------- d-----w- C:\Users\Eduardo\AppData\Local\{B5C28250-E281-4DE4-BBDE-928ECF96BFF8}

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2011-11-16 14:58:37 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll

.

============= FINISH: 15:54:50.31 ===============

awaiting orders, and thanks for your help!!!!

Edited by gringo_pr, 22 January 2012 - 04:15 PM.
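As an added example (not from this thread, and not part of DDS, ComboFix or any tool mentioned here), a small Python checker that reads DDS log lines like the ones posted above and flags the entries a malware-removal helper looks at first: an svchost.exe outside System32/SysWOW64, a proxy pointing at 127.0.0.1 in the Internet Settings, UAC policies set to 0, and a directory whose name is a literal, unexpanded %APPDATA%. The rule names, the line-format regexes and the sample excerpt are my own constructions; the excerpt lines are copied from the DDS log in the post above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Where a genuine svchost.exe lives on 64-bit Windows 7 (compared case-insensitively).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# UAC policy values that weaken the admin-approval boundary when set this way.
WEAK_UAC_POLICIES = {
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate without any prompt
}

# "Created Last 30" entries (assumed layout): date time size attributes path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+[\w-]{8}\s+(.+)$"
)
# "Running Processes" entries: an absolute path to an .exe, optionally followed by arguments.
PROCESS_RE = re.compile(r"^(?:\\\\\?\\)?([A-Za-z]:\\.+?\.exe)(?:\s+.*)?$", re.I)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)", re.I)
ENV_VAR_RE = re.compile(r"%[A-Za-z_]+%")


@dataclass(frozen=True)
class Finding:
    check: str   # short name of the rule that fired
    detail: str  # the path or value that triggered it


def svchost_outside_system(path: str) -> Optional[Finding]:
    """svchost.exe is only legitimate under System32/SysWOW64; anywhere else is a lookalike."""
    directory, _, name = path.rpartition("\\")
    if name.lower() == "svchost.exe" and directory.lower() not in LEGIT_SVCHOST_DIRS:
        return Finding("svchost-outside-system32", path)
    return None


def analyze(log_text: str) -> List[Finding]:
    """Run every rule over each line of a DDS log and collect the hits in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # A proxy on the loopback address means some local process sits
            # between the browser and the network.
            value = m.group(1)
            if "127.0.0.1" in value or "localhost" in value.lower():
                findings.append(Finding("loopback-proxy", value))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if WEAK_UAC_POLICIES.get(name) == value:
                findings.append(Finding("uac-weakened", f"{name} = {value}"))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group(1)
            if ENV_VAR_RE.search(path):
                # A literal %APPDATA% directory on disk is a variable that was never
                # expanded; it is invisible to anyone browsing the real AppData folder.
                findings.append(Finding("unexpanded-env-var-path", path))
            hit = svchost_outside_system(path)
            if hit:
                findings.append(hit)
            continue
        m = PROCESS_RE.match(line)
        if m:
            hit = svchost_outside_system(m.group(1))
            if hit:
                findings.append(hit)
    return findings


# Constructed excerpt: lines copied from the DDS log posted above, in their original format.
SAMPLE_DDS_EXCERPT = r"""
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\SysWOW64\PnkBstrA.exe
-netsvcs
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:61737
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
2012-01-20 22:12:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-20 19:24:36 20480 ----a-w- C:\windows\svchost.exe
2012-01-17 20:07:27 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS_EXCERPT):
        print(f"[{f.check}] {f.detail}")
```

Against the excerpt it reports five findings, which are exactly the four kinds of entry named in the lead-in (the UAC rule fires twice).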


#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico
  • Local time: 10:03 AM

Posted 22 January 2012 - 04:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Edmorf (Topic Starter)

  • Members
  • 30 posts
  • Gender: Male
  • Location: Tampa, Fl
  • Local time: 09:03 AM

Posted 23 January 2012 - 01:48 PM

Hi Gringo!

OK, I downloaded ComboFix again and ran it on the laptop... This time I uninstalled Symantec Endpoint Protection, but somehow ComboFix is still detecting that these programs are running?

Anyways, here is the log file:

ComboFix 12-01-23.02 - Eduardo 01/23/2012 13:23:37.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2640 [GMT -5:00]

Running from: E:\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))

.

.

2012-01-23 18:32 . 2012-01-23 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-23 18:32 . 2012-01-23 18:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-01-20 19:24 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2012-01-17 20:07 . 2012-01-17 20:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-01-13 17:41 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2012-01-13 17:41 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2012-01-13 17:41 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-01-13 17:41 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-01-12 17:37 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-01-12 17:37 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-01-12 17:37 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-01-12 17:37 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-01-12 17:37 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-01-12 17:37 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-01-12 17:37 . 2012-01-12 17:37 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-01-12 17:37 . 2012-01-12 17:37 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-01-12 17:37 . 2012-01-12 17:37 -------- d-----w- c:\program files\SAS

2012-01-12 17:34 . 2012-01-12 17:34 -------- d-----w- c:\program files (x86)\SAS Institute Inc

2012-01-12 17:31 . 2012-01-12 17:31 -------- d-----w- c:\program files (x86)\SAS

2012-01-12 17:26 . 2012-01-12 17:27 -------- d-----w- C:\JMP9Trial_Install

2012-01-11 04:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 04:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 04:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 04:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 04:19 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 04:19 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 04:19 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 04:19 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\LEGO Software

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\National Instruments

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\IVI Foundation

2011-12-25 06:17 . 2011-12-25 06:18 -------- d-----w- c:\programdata\National Instruments

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2011-02-12 20:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 07:29 . 2011-11-25 07:29 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-14 23:18 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-16 14:58 . 2011-05-18 14:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41 . 2011-12-14 23:19 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 23:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 23:18 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 23:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 23:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 23:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 23:20 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-20_21.35.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-01-23 18:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-23 18:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-01-17 20:07 . 2012-01-20 19:25 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2012-01-17 20:07 . 2012-01-23 18:21 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2010-04-09 06:38 . 2012-01-23 18:35 60764 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-23 18:35 48178 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-12 18:41 . 2012-01-23 18:35 23008 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4024464562-1882195670-198379199-1001_UserData.bin

+ 2011-02-12 18:41 . 2012-01-23 18:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2012-01-20 21:46 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-02-12 18:41 . 2012-01-23 18:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 18:41 . 2012-01-23 18:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 15:11 . 2012-01-23 18:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 15:11 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 15:11 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 15:11 . 2012-01-23 18:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-23 18:33 . 2012-01-23 18:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-20 21:07 . 2012-01-20 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-23 18:33 . 2012-01-23 18:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-20 21:07 . 2012-01-20 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-04-17 18:37 . 2012-01-20 21:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-04-17 18:37 . 2012-01-20 21:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-23 18:34 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-13 18:40 . 2012-01-23 17:19 338474 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-01-23 18:02 632696 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-01-20 21:21 632696 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-01-20 21:21 110644 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-01-23 18:02 110644 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-01-23 18:32 495712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-20 21:05 495712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-21 07:56 . 2012-01-21 07:56 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe

- 2012-01-12 17:34 . 2012-01-12 17:34 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe

+ 2011-08-16 22:28 . 2012-01-23 18:09 16888328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4024464562-1882195670-198379199-1001-12288.dat

- 2011-08-16 22:28 . 2012-01-20 17:58 16888328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4024464562-1882195670-198379199-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-09 06:54 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-09 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-15 5486464]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

c:\users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 135664]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-09 332272]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;c:\program files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [2011-08-02 267488]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:43]

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:43]

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024464562-1882195670-198379199-1001Core.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 18:43]

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024464562-1882195670-198379199-1001UA.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 18:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-09 06:54 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-20 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-20 896032]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:61737

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\opgenzu9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4024464562-1882195670-198379199-1001\Software\SecuROM\License information*]

"datasecu"=hex:90,47,94,f8,8d,60,41,8e,08,09,87,bc,40,2b,e3,89,84,84,f8,70,0b,

41,72,68,67,28,90,0b,b5,df,3b,42,87,d4,ca,b2,9c,e5,19,b7,bd,12,0d,8a,df,b1,\

"rkeysecu"=hex:00,f0,2c,81,d6,86,58,71,ec,d5,fb,17,89,95,3d,0e

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atibtmon.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-01-23 13:44:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-23 18:44

ComboFix2.txt 2012-01-20 22:23

ComboFix3.txt 2012-01-20 21:47

.

Pre-Run: 90,846,040,064 bytes free

Post-Run: 90,421,968,896 bytes free

.

- - End Of File - - ED36EA1A26B831A496BFA2FF71C1636A


And the computer is still running well (like yesterday and the day before, but it is not connected to the internet).

Awaiting instructions, and thanks again for the help, gringo.
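As an added example that is not part of this thread or of ComboFix, the script below runs a few defender-side checks over ComboFix-style report lines like the ones pasted above: an svchost.exe started from anywhere but system32 (here via a \\.\globalroot device path that resolves to the C:\windows\svchost.exe Malwarebytes reported), a proxy pointed at a localhost port, and UAC switched off. The rule names, helper functions and the sample excerpt are all constructed for the example.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code).

It scans the text of the 'Reg Loading Points', 'Supplementary Scan' and
'Other Running Processes' sections and flags the entries a responder checks
first. SAMPLE_LOG is a constructed excerpt in the same layout as the report
in the thread, not the full report.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name
    line: str   # the log line that triggered it, whitespace stripped
    why: str    # what makes it worth a second look


def _device_path(line: str) -> bool:
    """Process listed by a raw \\.\globalroot device path, not a drive letter."""
    return "\\\\.\\globalroot\\" in line.lower()


def _svchost_off_path(line: str) -> bool:
    """svchost.exe anywhere except system32 / SysWOW64."""
    low = line.lower()
    return (low.endswith("\\svchost.exe")
            and re.search(r"\\(system32|syswow64)\\svchost\.exe$", low) is None)


def _localhost_proxy(line: str) -> bool:
    """WinINet ProxyServer pointing at a port on 127.0.0.1."""
    return re.search(r"proxyserver\s*=\s*(https?=)?127\.0\.0\.1:\d+", line, re.I) is not None


def _uac_off(line: str) -> bool:
    """EnableLUA = 0 in the policies\\system key means UAC is disabled."""
    return re.fullmatch(r'"EnableLUA"\s*=\s*0\s*(\(0x0\))?', line.strip()) is not None


def _ff_proxy_autodetect(line: str) -> bool:
    """Firefox network.proxy.type 4 = auto-detect proxy (WPAD)."""
    return re.search(r"network\.proxy\.type\s*-\s*4\b", line) is not None


RULES: List[Tuple[str, Callable[[str], bool], str]] = [
    ("device path", _device_path,
     "a device-namespace path hides the real location; resolve it before judging"),
    ("svchost outside system32", _svchost_off_path,
     "the genuine svchost.exe lives in system32 and is started by services.exe"),
    ("localhost proxy", _localhost_proxy,
     "browser traffic is routed through a local port, a common interception trick"),
    ("UAC disabled", _uac_off,
     "anything running as this user already has full administrative rights"),
    ("Firefox proxy autodetect", _ff_proxy_autodetect,
     "check together with the WinINet proxy entry"),
]


def resolve_device_path(path: str, windows_dir: str = "C:\\windows") -> str:
    """Map \\.\globalroot\systemroot\<rest> onto the Windows directory.

    Assumes the systemroot link points at windows_dir, as on a default install.
    ComboFix prefixes the path with a drive letter, so that prefix is optional.
    """
    m = re.match(r"^(?:[a-z]:)?\\\\\.\\globalroot\\systemroot\\(.+)$", path, re.I)
    return windows_dir + "\\" + m.group(1) if m else path


def triage(log_text: str) -> List[Finding]:
    """Apply every rule to every non-empty line; a line may hit several rules."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses lone dots as spacers
            continue
        for name, check, why in RULES:
            if check(line):
                findings.append(Finding(name, line, why))
    return findings


# Constructed excerpt mirroring the layout of the report in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
------- Supplementary Scan -------
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:61737
FF - prefs.js: network.proxy.type - 4
.
------------------------ Other Running Processes ------------------------
c:\windows\system32\atibtmon.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}\n    {f.why}")
        if f.rule == "device path":
            print("    resolves to:", resolve_device_path(f.line))
```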

#7 gringo_pr

Malware Response Team

Posted 23 January 2012 - 06:18 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 Edmorf

Topic Starter

Posted 23 January 2012 - 06:33 PM

Hi gringo,

OK, I did as requested, and yes, it found one malicious object, which was successfully removed. Here is the log:
18:22:10.0953 2784	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04

18:22:10.0968 2784	============================================================

18:22:10.0968 2784	Current date / time: 2012/01/23 18:22:10.0968

18:22:10.0968 2784	SystemInfo:

18:22:10.0968 2784	

18:22:10.0968 2784	OS Version: 6.1.7601 ServicePack: 1.0

18:22:10.0968 2784	Product type: Workstation

18:22:10.0968 2784	ComputerName: TOSHI-MOROSHI

18:22:10.0968 2784	UserName: Eduardo

18:22:10.0968 2784	Windows directory: C:\windows

18:22:10.0968 2784	System windows directory: C:\windows

18:22:10.0968 2784	Running under WOW64

18:22:10.0968 2784	Processor architecture: Intel x64

18:22:10.0968 2784	Number of processors: 2

18:22:10.0968 2784	Page size: 0x1000

18:22:10.0968 2784	Boot type: Normal boot

18:22:10.0968 2784	============================================================

18:22:12.0794 2784	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:22:12.0794 2784	Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:22:12.0856 2784	Initialize success

18:22:15.0992 1256	============================================================

18:22:15.0992 1256	Scan started

18:22:15.0992 1256	Mode: Manual; 

18:22:15.0992 1256	============================================================

18:22:17.0708 1256	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

18:22:17.0708 1256	1394ohci - ok

18:22:17.0801 1256	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

18:22:17.0817 1256	ACPI - ok

18:22:17.0864 1256	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

18:22:17.0864 1256	AcpiPmi - ok

18:22:18.0082 1256	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

18:22:18.0098 1256	adp94xx - ok

18:22:18.0176 1256	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

18:22:18.0176 1256	adpahci - ok

18:22:18.0269 1256	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

18:22:18.0285 1256	adpu320 - ok

18:22:18.0488 1256	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys

18:22:18.0488 1256	AFD - ok

18:22:18.0612 1256	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

18:22:18.0612 1256	agp440 - ok

18:22:18.0737 1256	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

18:22:18.0737 1256	aliide - ok

18:22:18.0846 1256	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

18:22:18.0846 1256	amdide - ok

18:22:18.0940 1256	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

18:22:18.0940 1256	AmdK8 - ok

18:22:19.0158 1256	amdkmdag        (aefaf27f1b7e52c705df4fb6c96732f6) C:\windows\system32\DRIVERS\atipmdag.sys

18:22:19.0314 1256	amdkmdag - ok

18:22:19.0470 1256	amdkmdap        (8149db73be27950ec72767a1193153a6) C:\windows\system32\DRIVERS\atikmpag.sys

18:22:19.0470 1256	amdkmdap - ok

18:22:19.0548 1256	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

18:22:19.0548 1256	AmdPPM - ok

18:22:19.0689 1256	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

18:22:19.0689 1256	amdsata - ok

18:22:19.0736 1256	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

18:22:19.0736 1256	amdsbs - ok

18:22:19.0767 1256	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

18:22:19.0767 1256	amdxata - ok

18:22:19.0923 1256	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

18:22:19.0923 1256	AppID - ok

18:22:20.0094 1256	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

18:22:20.0094 1256	arc - ok

18:22:20.0126 1256	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

18:22:20.0126 1256	arcsas - ok

18:22:20.0188 1256	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

18:22:20.0188 1256	AsyncMac - ok

18:22:20.0250 1256	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

18:22:20.0250 1256	atapi - ok

18:22:20.0406 1256	athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys

18:22:20.0422 1256	athr - ok

18:22:20.0594 1256	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys

18:22:20.0594 1256	AtiPcie - ok

18:22:20.0687 1256	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

18:22:20.0703 1256	b06bdrv - ok

18:22:20.0952 1256	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

18:22:20.0984 1256	b57nd60a - ok

18:22:21.0124 1256	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

18:22:21.0124 1256	Beep - ok

18:22:21.0280 1256	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

18:22:21.0280 1256	blbdrive - ok

18:22:21.0342 1256	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

18:22:21.0342 1256	bowser - ok

18:22:21.0389 1256	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

18:22:21.0389 1256	BrFiltLo - ok

18:22:21.0452 1256	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

18:22:21.0467 1256	BrFiltUp - ok

18:22:21.0561 1256	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

18:22:21.0561 1256	BridgeMP - ok

18:22:21.0670 1256	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

18:22:21.0686 1256	Brserid - ok

18:22:21.0701 1256	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

18:22:21.0701 1256	BrSerWdm - ok

18:22:21.0717 1256	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

18:22:21.0717 1256	BrUsbMdm - ok

18:22:21.0717 1256	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

18:22:21.0717 1256	BrUsbSer - ok

18:22:21.0732 1256	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

18:22:21.0732 1256	BTHMODEM - ok

18:22:21.0795 1256	catchme - ok

18:22:21.0857 1256	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

18:22:21.0857 1256	cdfs - ok

18:22:22.0013 1256	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys

18:22:22.0013 1256	cdrom - ok

18:22:22.0107 1256	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

18:22:22.0107 1256	circlass - ok

18:22:22.0216 1256	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

18:22:22.0216 1256	CLFS - ok

18:22:22.0325 1256	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

18:22:22.0325 1256	CmBatt - ok

18:22:22.0450 1256	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

18:22:22.0450 1256	cmdide - ok

18:22:22.0512 1256	CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

18:22:22.0512 1256	CNG - ok

18:22:22.0668 1256	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

18:22:22.0668 1256	Compbatt - ok

18:22:22.0731 1256	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

18:22:22.0731 1256	CompositeBus - ok

18:22:22.0856 1256	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

18:22:22.0856 1256	crcdisk - ok

18:22:23.0043 1256	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

18:22:23.0043 1256	DfsC - ok

18:22:23.0230 1256	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

18:22:23.0230 1256	discache - ok

18:22:23.0324 1256	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

18:22:23.0324 1256	Disk - ok

18:22:23.0511 1256	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

18:22:23.0511 1256	drmkaud - ok

18:22:23.0620 1256	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\windows\system32\DRIVERS\dtsoftbus01.sys

18:22:23.0636 1256	dtsoftbus01 - ok

18:22:23.0792 1256	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

18:22:23.0807 1256	DXGKrnl - ok

18:22:23.0932 1256	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

18:22:24.0010 1256	ebdrv - ok

18:22:24.0150 1256	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

18:22:24.0150 1256	elxstor - ok

18:22:24.0275 1256	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

18:22:24.0291 1256	ErrDev - ok

18:22:24.0338 1256	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

18:22:24.0338 1256	exfat - ok

18:22:24.0353 1256	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

18:22:24.0353 1256	fastfat - ok

18:22:24.0384 1256	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

18:22:24.0384 1256	fdc - ok

18:22:24.0525 1256	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

18:22:24.0525 1256	FileInfo - ok

18:22:24.0556 1256	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

18:22:24.0556 1256	Filetrace - ok

18:22:24.0572 1256	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

18:22:24.0572 1256	flpydisk - ok

18:22:24.0634 1256	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

18:22:24.0650 1256	FltMgr - ok

18:22:24.0774 1256	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

18:22:24.0774 1256	FsDepends - ok

18:22:24.0806 1256	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

18:22:24.0806 1256	Fs_Rec - ok

18:22:24.0884 1256	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

18:22:24.0884 1256	fvevol - ok

18:22:24.0915 1256	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

18:22:24.0915 1256	gagp30kx - ok

18:22:25.0102 1256	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

18:22:25.0118 1256	hcw85cir - ok

18:22:25.0180 1256	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

18:22:25.0196 1256	HdAudAddService - ok

18:22:25.0305 1256	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

18:22:25.0305 1256	HDAudBus - ok

18:22:25.0367 1256	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

18:22:25.0367 1256	HidBatt - ok

18:22:25.0383 1256	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

18:22:25.0383 1256	HidBth - ok

18:22:25.0398 1256	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

18:22:25.0414 1256	HidIr - ok

18:22:25.0570 1256	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

18:22:25.0586 1256	HidUsb - ok

18:22:25.0632 1256	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

18:22:25.0632 1256	HpSAMD - ok

18:22:25.0742 1256	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

18:22:25.0788 1256	HTTP - ok

18:22:25.0913 1256	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

18:22:25.0913 1256	hwpolicy - ok

18:22:25.0976 1256	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

18:22:25.0991 1256	i8042prt - ok

18:22:26.0381 1256	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

18:22:26.0381 1256	iaStorV - ok

18:22:26.0537 1256	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

18:22:26.0537 1256	iirsp - ok

18:22:26.0709 1256	IntcAzAudAddService (a73cc9bd3a7236e686be6667f0106c16) C:\windows\system32\drivers\RTKVHD64.sys

18:22:26.0724 1256	IntcAzAudAddService - ok

18:22:26.0849 1256	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

18:22:26.0849 1256	intelide - ok

18:22:26.0912 1256	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

18:22:26.0912 1256	intelppm - ok

18:22:27.0083 1256	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

18:22:27.0083 1256	IpFilterDriver - ok

18:22:27.0130 1256	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

18:22:27.0130 1256	IPMIDRV - ok

18:22:27.0208 1256	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

18:22:27.0208 1256	IPNAT - ok

18:22:27.0333 1256	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

18:22:27.0333 1256	IRENUM - ok

18:22:27.0380 1256	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

18:22:27.0380 1256	isapnp - ok

18:22:27.0442 1256	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

18:22:27.0458 1256	iScsiPrt - ok

18:22:27.0598 1256	JMCR            (5bd76f820656aeaa2dce66eed8da84b9) C:\windows\system32\DRIVERS\jmcr.sys

18:22:27.0598 1256	JMCR - ok

18:22:27.0676 1256	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

18:22:27.0676 1256	kbdclass - ok

18:22:27.0848 1256	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

18:22:27.0848 1256	kbdhid - ok

18:22:27.0895 1256	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

18:22:27.0895 1256	KSecDD - ok

18:22:27.0926 1256	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

18:22:27.0926 1256	KSecPkg - ok

18:22:28.0066 1256	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

18:22:28.0066 1256	ksthunk - ok

18:22:28.0144 1256	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

18:22:28.0144 1256	lltdio - ok

18:22:28.0269 1256	LPCFilter       (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys

18:22:28.0269 1256	LPCFilter - ok

18:22:28.0363 1256	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

18:22:28.0363 1256	LSI_FC - ok

18:22:28.0472 1256	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

18:22:28.0487 1256	LSI_SAS - ok

18:22:28.0503 1256	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

18:22:28.0503 1256	LSI_SAS2 - ok

18:22:28.0534 1256	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

18:22:28.0534 1256	LSI_SCSI - ok

18:22:28.0597 1256	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

18:22:28.0597 1256	luafv - ok

18:22:28.0643 1256	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

18:22:28.0643 1256	megasas - ok

18:22:28.0737 1256	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

18:22:28.0737 1256	MegaSR - ok

18:22:28.0815 1256	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

18:22:28.0815 1256	Modem - ok

18:22:28.0909 1256	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

18:22:28.0909 1256	monitor - ok

18:22:29.0049 1256	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys

18:22:29.0049 1256	mouclass - ok

18:22:29.0096 1256	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

18:22:29.0096 1256	mouhid - ok

18:22:29.0174 1256	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

18:22:29.0174 1256	mountmgr - ok

18:22:29.0314 1256	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

18:22:29.0314 1256	mpio - ok

18:22:29.0361 1256	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

18:22:29.0361 1256	mpsdrv - ok

18:22:29.0439 1256	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

18:22:29.0439 1256	MRxDAV - ok

18:22:29.0564 1256	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

18:22:29.0564 1256	mrxsmb - ok

18:22:29.0611 1256	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

18:22:29.0626 1256	mrxsmb10 - ok

18:22:29.0689 1256	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

18:22:29.0689 1256	mrxsmb20 - ok

18:22:29.0813 1256	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

18:22:29.0813 1256	msahci - ok

18:22:29.0891 1256	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

18:22:29.0891 1256	msdsm - ok

18:22:29.0969 1256	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

18:22:29.0969 1256	Msfs - ok

18:22:30.0047 1256	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

18:22:30.0047 1256	mshidkmdf - ok

18:22:30.0094 1256	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

18:22:30.0094 1256	msisadrv - ok

18:22:30.0141 1256	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

18:22:30.0157 1256	MSKSSRV - ok

18:22:30.0203 1256	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

18:22:30.0203 1256	MSPCLOCK - ok

18:22:30.0266 1256	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

18:22:30.0281 1256	MSPQM - ok

18:22:30.0328 1256	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

18:22:30.0328 1256	MsRPC - ok

18:22:30.0391 1256	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

18:22:30.0391 1256	mssmbios - ok

18:22:30.0469 1256	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

18:22:30.0469 1256	MSTEE - ok

18:22:30.0547 1256	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

18:22:30.0547 1256	MTConfig - ok

18:22:30.0578 1256	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

18:22:30.0578 1256	Mup - ok

18:22:30.0656 1256	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

18:22:30.0656 1256	NativeWifiP - ok

18:22:30.0765 1256	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

18:22:30.0765 1256	NDIS - ok

18:22:30.0937 1256	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

18:22:30.0937 1256	NdisCap - ok

18:22:30.0999 1256	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

18:22:30.0999 1256	NdisTapi - ok

18:22:31.0030 1256	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

18:22:31.0030 1256	Ndisuio - ok

18:22:31.0171 1256	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

18:22:31.0171 1256	NdisWan - ok

18:22:31.0233 1256	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

18:22:31.0249 1256	NDProxy - ok

18:22:31.0405 1256	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

18:22:31.0405 1256	NetBIOS - ok

18:22:31.0451 1256	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

18:22:31.0451 1256	NetBT - ok

18:22:31.0623 1256	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

18:22:31.0623 1256	nfrd960 - ok

18:22:31.0701 1256	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

18:22:31.0701 1256	Npfs - ok

18:22:31.0717 1256	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

18:22:31.0717 1256	nsiproxy - ok

18:22:31.0810 1256	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

18:22:31.0826 1256	Ntfs - ok

18:22:31.0966 1256	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

18:22:31.0966 1256	Null - ok

18:22:32.0029 1256	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

18:22:32.0044 1256	nvraid - ok

18:22:32.0153 1256	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

18:22:32.0153 1256	nvstor - ok

18:22:32.0247 1256	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

18:22:32.0247 1256	nv_agp - ok

18:22:32.0325 1256	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

18:22:32.0325 1256	ohci1394 - ok

18:22:32.0512 1256	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

18:22:32.0512 1256	Parport - ok

18:22:32.0559 1256	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

18:22:32.0559 1256	partmgr - ok

18:22:32.0606 1256	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

18:22:32.0606 1256	pci - ok

18:22:32.0731 1256	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

18:22:32.0731 1256	pciide - ok

18:22:32.0777 1256	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

18:22:32.0777 1256	pcmcia - ok

18:22:32.0793 1256	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

18:22:32.0793 1256	pcw - ok

18:22:32.0824 1256	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

18:22:32.0840 1256	PEAUTH - ok

18:22:33.0027 1256	PGEffect        (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

18:22:33.0027 1256	PGEffect - ok

18:22:33.0277 1256	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

18:22:33.0277 1256	PptpMiniport - ok

18:22:33.0323 1256	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

18:22:33.0323 1256	Processor - ok

18:22:33.0401 1256	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

18:22:33.0401 1256	Psched - ok

18:22:33.0620 1256	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys

18:22:33.0620 1256	PSI - ok

18:22:33.0698 1256	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

18:22:33.0729 1256	ql2300 - ok

18:22:33.0838 1256	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

18:22:33.0854 1256	ql40xx - ok

18:22:33.0869 1256	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

18:22:33.0869 1256	QWAVEdrv - ok

18:22:33.0885 1256	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

18:22:33.0885 1256	RasAcd - ok

18:22:33.0947 1256	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

18:22:33.0963 1256	RasAgileVpn - ok

18:22:34.0025 1256	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

18:22:34.0025 1256	Rasl2tp - ok

18:22:34.0150 1256	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

18:22:34.0150 1256	RasPppoe - ok

18:22:34.0181 1256	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

18:22:34.0197 1256	RasSstp - ok

18:22:34.0244 1256	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

18:22:34.0259 1256	rdbss - ok

18:22:34.0275 1256	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

18:22:34.0275 1256	rdpbus - ok

18:22:34.0384 1256	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

18:22:34.0384 1256	RDPCDD - ok

18:22:34.0415 1256	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

18:22:34.0415 1256	RDPENCDD - ok

18:22:34.0431 1256	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

18:22:34.0431 1256	RDPREFMP - ok

18:22:34.0478 1256	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

18:22:34.0493 1256	RDPWD - ok

18:22:34.0571 1256	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

18:22:34.0571 1256	rdyboost - ok

18:22:34.0743 1256	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

18:22:34.0759 1256	rspndr - ok

18:22:34.0821 1256	RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\windows\system32\drivers\RtHDMIVX.sys

18:22:34.0821 1256	RTHDMIAzAudService - ok

18:22:34.0993 1256	RTL8167         (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys

18:22:34.0993 1256	RTL8167 - ok

18:22:35.0149 1256	SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

18:22:35.0149 1256	SASDIFSV - ok

18:22:35.0211 1256	SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

18:22:35.0211 1256	SASKUTIL - ok

18:22:35.0336 1256	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

18:22:35.0336 1256	sbp2port - ok

18:22:35.0383 1256	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

18:22:35.0383 1256	scfilter - ok

18:22:35.0461 1256	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys

18:22:35.0461 1256	sdbus - ok

18:22:35.0585 1256	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

18:22:35.0585 1256	secdrv - ok

18:22:35.0663 1256	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

18:22:35.0663 1256	Serenum - ok

18:22:35.0695 1256	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

18:22:35.0695 1256	Serial - ok

18:22:35.0741 1256	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

18:22:35.0741 1256	sermouse - ok

18:22:35.0866 1256	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

18:22:35.0866 1256	sffdisk - ok

18:22:35.0897 1256	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

18:22:35.0897 1256	sffp_mmc - ok

18:22:35.0913 1256	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

18:22:35.0913 1256	sffp_sd - ok

18:22:35.0944 1256	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

18:22:35.0944 1256	sfloppy - ok

18:22:36.0100 1256	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

18:22:36.0116 1256	SiSRaid2 - ok

18:22:36.0116 1256	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

18:22:36.0131 1256	SiSRaid4 - ok

18:22:36.0303 1256	SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\windows\system32\Drivers\SmartDefragDriver.sys

18:22:36.0303 1256	SmartDefragDriver - ok

18:22:36.0397 1256	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

18:22:36.0397 1256	Smb - ok

18:22:36.0506 1256	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

18:22:36.0506 1256	spldr - ok

18:22:36.0584 1256	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

18:22:36.0584 1256	srv - ok

18:22:36.0677 1256	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

18:22:36.0693 1256	srv2 - ok

18:22:36.0771 1256	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

18:22:36.0771 1256	srvnet - ok

18:22:36.0833 1256	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

18:22:36.0849 1256	stexstor - ok

18:22:36.0943 1256	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

18:22:36.0943 1256	swenum - ok

18:22:37.0099 1256	SynTP           (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

18:22:37.0099 1256	SynTP - ok

18:22:37.0286 1256	Tcpip           (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

18:22:37.0301 1256	Tcpip - ok

18:22:37.0504 1256	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

18:22:37.0520 1256	TCPIP6 - ok

18:22:37.0660 1256	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

18:22:37.0660 1256	tcpipreg - ok

18:22:37.0723 1256	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

18:22:37.0723 1256	tdcmdpst - ok

18:22:37.0847 1256	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

18:22:37.0847 1256	TDPIPE - ok

18:22:37.0863 1256	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

18:22:37.0863 1256	TDTCP - ok

18:22:37.0910 1256	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

18:22:37.0910 1256	tdx - ok

18:22:37.0941 1256	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

18:22:37.0957 1256	TermDD - ok

18:22:38.0128 1256	Thpdrv          (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys

18:22:38.0128 1256	Thpdrv - ok

18:22:38.0175 1256	Thpevm          (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS

18:22:38.0175 1256	Thpevm - ok

18:22:38.0393 1256	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

18:22:38.0393 1256	tssecsrv - ok

18:22:38.0487 1256	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

18:22:38.0487 1256	TsUsbFlt - ok

18:22:38.0659 1256	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

18:22:38.0659 1256	tunnel - ok

18:22:38.0752 1256	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

18:22:38.0752 1256	TVALZ - ok

18:22:38.0877 1256	TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

18:22:38.0877 1256	TVALZFL - ok

18:22:38.0924 1256	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

18:22:38.0924 1256	uagp35 - ok

18:22:39.0002 1256	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

18:22:39.0017 1256	udfs - ok

18:22:39.0158 1256	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

18:22:39.0158 1256	uliagpkx - ok

18:22:39.0236 1256	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

18:22:39.0236 1256	umbus - ok

18:22:39.0329 1256	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

18:22:39.0329 1256	UmPass - ok

18:22:39.0392 1256	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

18:22:39.0392 1256	usbccgp - ok

18:22:39.0485 1256	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

18:22:39.0485 1256	usbcir - ok

18:22:39.0579 1256	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

18:22:39.0579 1256	usbehci - ok

18:22:39.0641 1256	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

18:22:39.0641 1256	usbhub - ok

18:22:39.0719 1256	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys

18:22:39.0719 1256	usbohci - ok

18:22:39.0844 1256	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

18:22:39.0860 1256	usbprint - ok

18:22:39.0891 1256	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

18:22:39.0907 1256	usbscan - ok

18:22:39.0969 1256	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

18:22:39.0969 1256	USBSTOR - ok

18:22:40.0063 1256	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

18:22:40.0063 1256	usbuhci - ok

18:22:40.0172 1256	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

18:22:40.0172 1256	usbvideo - ok

18:22:40.0250 1256	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

18:22:40.0250 1256	vdrvroot - ok

18:22:40.0375 1256	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

18:22:40.0375 1256	vga - ok

18:22:40.0406 1256	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

18:22:40.0406 1256	VgaSave - ok

18:22:40.0468 1256	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

18:22:40.0468 1256	vhdmp - ok

18:22:40.0515 1256	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

18:22:40.0531 1256	viaide - ok

18:22:40.0640 1256	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

18:22:40.0640 1256	volmgr - ok

18:22:40.0687 1256	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

18:22:40.0687 1256	volmgrx - ok

18:22:40.0765 1256	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

18:22:40.0780 1256	volsnap - ok

18:22:40.0952 1256	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

18:22:40.0952 1256	vsmraid - ok

18:22:40.0983 1256	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

18:22:40.0983 1256	vwifibus - ok

18:22:41.0061 1256	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

18:22:41.0061 1256	vwififlt - ok

18:22:41.0155 1256	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

18:22:41.0155 1256	WacomPen - ok

18:22:41.0264 1256	WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

18:22:41.0264 1256	WANARP - ok

18:22:41.0279 1256	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

18:22:41.0279 1256	Wanarpv6 - ok

18:22:41.0404 1256	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

18:22:41.0404 1256	Wd - ok

18:22:41.0513 1256	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

18:22:41.0513 1256	Wdf01000 - ok

18:22:41.0623 1256	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

18:22:41.0638 1256	WfpLwf - ok

18:22:41.0716 1256	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

18:22:41.0716 1256	WIMMount - ok

18:22:41.0872 1256	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys

18:22:41.0872 1256	WinUsb - ok

18:22:41.0997 1256	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

18:22:41.0997 1256	WmiAcpi - ok

18:22:42.0106 1256	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

18:22:42.0106 1256	ws2ifsl - ok

18:22:42.0325 1256	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

18:22:42.0340 1256	WudfPf - ok

18:22:42.0371 1256	WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

18:22:42.0371 1256	WUDFRd - ok

18:22:42.0418 1256	MBR (0x1B8)     (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0

18:22:42.0496 1256	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

18:22:42.0496 1256	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

18:22:42.0512 1256	MBR (0x1B8)     (0958e97b3ab14a63b915efe6013a9d24) \Device\Harddisk1\DR2

18:22:51.0591 1256	\Device\Harddisk1\DR2 - ok

18:22:51.0622 1256	Boot (0x1200)   (12a44171ac19b3789fe13ff6adf63a3c) \Device\Harddisk0\DR0\Partition0

18:22:51.0622 1256	\Device\Harddisk0\DR0\Partition0 - ok

18:22:51.0622 1256	Boot (0x1200)   (fd19a91b69e54739295717483a70f99c) \Device\Harddisk1\DR2\Partition0

18:22:51.0622 1256	\Device\Harddisk1\DR2\Partition0 - ok

18:22:51.0622 1256	============================================================

18:22:51.0622 1256	Scan finished

18:22:51.0622 1256	============================================================

18:22:51.0638 2368	Detected object count: 1

18:22:51.0638 2368	Actual detected object count: 1

18:26:25.0951 2368	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

18:26:25.0951 2368	\Device\Harddisk0\DR0 - ok

18:26:25.0951 2368	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 

18:26:33.0392 2064	Deinitialize success

The computer started faster this time (or was it just my imagination?). Other than that it appears to be running OK.
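The TDSSKiller lines above report `\Device\Harddisk0\DR0` as infected with Rootkit.Boot.Pihar.b (commonly described as a TDL4 derivative) and print a 32-hex-character hash next to "MBR (0x1B8)"; on my reading, that field is an MD5 over the first 0x1B8 bytes of sector 0, the bootstrap code, which is the part a bootkit replaces, while the disk signature and the partition table that follow are left alone so Windows still boots. The example below is added here and is not TDSSKiller's code: it parses a 512-byte MBR, hashes the bootstrap region the same way, compares it with a baseline, and also measures the unpartitioned space after the last partition, where TDL4-family bootkits keep their hidden file system. The bootstrap bytes, partition layout, disk size and the baseline hash are all constructed for the demo; the 1 MiB slack threshold is an assumption.

```python
"""Parse an MBR and compare its bootstrap code with a known-good hash, the check a
"MBR (0x1B8) (<md5>) \\Device\\Harddisk0\\DR0" line stands for.  Added example,
not TDSSKiller's code; all sample data below is constructed."""
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 0x1B8      # boot code ends where the disk signature begins (assumed hashed length)
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE
PART_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Return the bootstrap hash, the disk signature and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:                                   # partition type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_md5": hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def assess(mbr: bytes, known_good_md5: str, disk_sectors: int, slack_limit: int = 2048) -> list:
    """Findings a bootkit check raises: boot code that no longer matches the baseline, and
    more than slack_limit sectors (1 MiB by default, an assumption) left unpartitioned at
    the end of the disk, where TDL4-family bootkits store their encrypted file system."""
    info = parse_mbr(mbr)
    findings = []
    if info["bootstrap_md5"] != known_good_md5:
        findings.append(f"bootstrap code hash {info['bootstrap_md5']} differs from known-good {known_good_md5}")
    last_used = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    slack = disk_sectors - last_used
    if slack > slack_limit:
        findings.append(f"{slack} unpartitioned sectors after the last partition")
    return findings


def build_mbr(bootstrap: bytes, partitions, disk_signature: int = 0x12345678) -> bytes:
    """Assemble a constructed MBR for the demo; the boot code is zero-padded to 0x1B8 bytes."""
    if len(bootstrap) > BOOTSTRAP_LEN:
        raise ValueError("bootstrap code too long")
    buf = bytearray(MBR_SIZE)
    buf[:len(bootstrap)] = bootstrap
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, ptype, lba_start, sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(buf)


# Constructed sample: a 250 GB disk laid out like a stock Windows 7 install
# (100 MB "System Reserved" plus one NTFS partition) with under 1 MiB of trailing slack.
DISK_SECTORS = 488_397_168
PARTITIONS = [(True, 0x07, 2048, 204_800), (False, 0x07, 206_848, 488_189_320)]
# Opening bytes resembling a stock MBR loader (xor ax,ax / mov ss,ax / mov sp,7C00h ...), constructed.
CLEAN_BOOTSTRAP = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, PARTITIONS)
KNOWN_GOOD_MD5 = parse_mbr(CLEAN_MBR)["bootstrap_md5"]       # baseline recorded while the disk was clean

# Same partition table and disk signature, different boot code: the footprint a bootkit leaves.
TAMPERED_MBR = build_mbr(b"\xEB\x05" + b"\x90" * 5 + b"constructed stand-in loader", PARTITIONS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, assess(mbr, KNOWN_GOOD_MD5, DISK_SECTORS) or "ok")
```

On a real machine the 512 bytes would come from reading sector 0 of the physical disk, and the baseline would be the hash of the loader the OS installer wrote; note that a bootkit which is already running can lie about sector 0, which is why TDSSKiller also schedules its "cure" for the next reboot rather than trusting the live view alone.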

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 06:37 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Edmorf (Topic Starter)

  • Members
  • 30 posts
  • Gender:Male
  • Location:Tampa, Fl

Posted 23 January 2012 - 07:08 PM

OK gringo, I did as requested. First I created the text file and named it CFScript.txt, then I added it to ComboFix, which scanned the computer again (still showing that Endpoint is enabled?) and rebooted, so here is the log:

ComboFix 12-01-23.02 - Eduardo 01/23/2012 18:44:32.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2737 [GMT -5:00]

Running from: E:\ComboFix.exe

Command switches used :: c:\users\Eduardo\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))

.

.

2012-01-23 23:52 . 2012-01-23 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-23 23:52 . 2012-01-23 23:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-01-20 19:24 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2012-01-17 20:07 . 2012-01-17 20:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-01-13 17:41 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2012-01-13 17:41 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2012-01-13 17:41 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-01-13 17:41 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-01-12 17:37 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-01-12 17:37 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-01-12 17:37 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-01-12 17:37 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-01-12 17:37 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-01-12 17:37 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-01-12 17:37 . 2012-01-12 17:37 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-01-12 17:37 . 2012-01-12 17:37 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-01-12 17:37 . 2012-01-12 17:37 -------- d-----w- c:\program files\SAS

2012-01-12 17:34 . 2012-01-12 17:34 -------- d-----w- c:\program files (x86)\SAS Institute Inc

2012-01-12 17:31 . 2012-01-12 17:31 -------- d-----w- c:\program files (x86)\SAS

2012-01-12 17:26 . 2012-01-12 17:27 -------- d-----w- C:\JMP9Trial_Install

2012-01-11 04:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 04:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 04:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 04:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 04:19 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 04:19 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 04:19 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 04:19 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\LEGO Software

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\National Instruments

2011-12-25 06:18 . 2011-12-25 06:18 -------- d-----w- c:\program files (x86)\IVI Foundation

2011-12-25 06:17 . 2011-12-25 06:18 -------- d-----w- c:\programdata\National Instruments

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2011-02-12 20:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 07:29 . 2011-11-25 07:29 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-14 23:18 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-16 14:58 . 2011-05-18 14:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41 . 2011-12-14 23:19 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 23:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 23:18 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 23:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 23:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 23:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 23:20 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-20_21.35.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-01-23 23:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-23 23:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-17 20:07 . 2012-01-23 18:21 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2012-01-17 20:07 . 2012-01-20 19:25 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2010-04-09 06:38 . 2012-01-23 23:55 60946 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-23 23:55 48202 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-12 18:41 . 2012-01-23 23:55 23150 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4024464562-1882195670-198379199-1001_UserData.bin

+ 2011-02-12 18:41 . 2012-01-23 23:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2012-01-20 21:46 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-02-12 18:41 . 2012-01-23 23:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-12 18:41 . 2012-01-23 23:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-12 18:41 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-12 15:11 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-12 15:11 . 2012-01-23 23:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 15:11 . 2012-01-20 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 15:11 . 2012-01-23 23:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-04 21:59 . 2012-01-23 23:26 6186 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-01-20 21:07 . 2012-01-20 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-23 23:53 . 2012-01-23 23:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-20 21:07 . 2012-01-20 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-23 23:53 . 2012-01-23 23:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-04-17 18:37 . 2012-01-20 21:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-04-17 18:37 . 2012-01-20 21:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-01-23 23:53 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-20 21:38 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-13 18:40 . 2012-01-23 23:20 338690 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-01-23 18:02 632696 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-01-20 21:21 632696 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-01-23 18:02 110644 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-01-20 21:21 110644 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-01-23 23:52 495712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-20 21:05 495712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-21 07:56 . 2012-01-21 07:56 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe

- 2012-01-12 17:34 . 2012-01-12 17:34 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe

- 2011-08-16 22:28 . 2012-01-20 17:58 16888328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4024464562-1882195670-198379199-1001-12288.dat

+ 2011-08-16 22:28 . 2012-01-23 23:26 16888328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4024464562-1882195670-198379199-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-09 06:54 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-09 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-15 5486464]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

c:\users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 135664]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-09 332272]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;c:\program files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [2011-08-02 267488]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:43]

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:43]

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024464562-1882195670-198379199-1001Core.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 18:43]

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024464562-1882195670-198379199-1001UA.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 18:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-09 06:54 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-20 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-20 896032]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:61737

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\opgenzu9.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4024464562-1882195670-198379199-1001\Software\SecuROM\License information*]

"datasecu"=hex:90,47,94,f8,8d,60,41,8e,08,09,87,bc,40,2b,e3,89,84,84,f8,70,0b,

41,72,68,67,28,90,0b,b5,df,3b,42,87,d4,ca,b2,9c,e5,19,b7,bd,12,0d,8a,df,b1,\

"rkeysecu"=hex:00,f0,2c,81,d6,86,58,71,ec,d5,fb,17,89,95,3d,0e

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe

c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

.

**************************************************************************

.

Completion time: 2012-01-23 19:00:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-24 00:00

ComboFix2.txt 2012-01-23 18:44

ComboFix3.txt 2012-01-20 22:23

ComboFix4.txt 2012-01-20 21:47

.

Pre-Run: 93,128,695,808 bytes free

Post-Run: 93,063,749,632 bytes free

.

- - End Of File - - E2C0E9F4EE3E3653380D6978E3B017AB


Last time I didn't tell you that I got two warnings when ComboFix was preparing the log file. I am attaching them as images now, and I think they are the same as before. Other than that, I think the computer is starting faster and appears to be running OK (haven't checked it on the internet yet).
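Several lines in the ComboFix log above are worth more than a glance: `c:\windows\svchost.exe` (20480 bytes, created 2012-01-20 but carrying a July 2009 last-write stamp like the genuine Windows 7 system files; the real svchost.exe lives in System32 and SysWOW64, not the Windows root), a hidden system directory literally named `c:\windows\SysWow64\%APPDATA%` (an environment-variable name written to disk unexpanded), `uInternet Settings,ProxyServer = http=127.0.0.1:61737` (all Internet Explorer HTTP traffic funnelled through something listening on the loopback interface, which is how this family intercepts browsing), and `"EnableLUA"= 0` with `"ConsentPromptBehaviorAdmin"= 0` (UAC switched off entirely). The script below is an added example, not ComboFix's own code: it parses such log lines and reports those indicators. The allow-list of home directories, the severity labels and the regular expressions are my assumptions; the sample lines are copied from the log above, with two benign Windows DLL entries kept as controls. Note that an old last-write time beneath a new creation time is not evidence on its own (the d3dx10_42.dll line shows a legitimate DirectX redistributable copy with exactly that pattern), so it is only used to corroborate the location check.

```python
"""Triage ComboFix log lines for the indicators visible in the log above.
Added example, not ComboFix's own code; allow-list and severities are assumptions."""
import re
from datetime import datetime

# Directories where each core Windows binary legitimately lives (assumption: WinSxS
# and installer caches are deliberately left out of this short table).
SYSTEM_BINARY_HOMES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# "Files Created" entry: <created> . <last-written> <size or --------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<spec>\S+)")
POLICY_RE = re.compile(
    r'^"(?P<name>EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(?P<value>\d+)'
)


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M")


def _check_file(m):
    """Lookalike system binaries outside their home, and hidden+system dirs under Windows."""
    path = m["path"].lower()
    directory, _, name = path.rpartition("\\")
    attrs = m["attrs"]
    if name in SYSTEM_BINARY_HOMES and directory not in SYSTEM_BINARY_HOMES[name]:
        msg = f"{name} outside its home directory: {m['path']}"
        created, modified = _ts(m["created"]), _ts(m["modified"])
        if modified < created:      # corroborating signal only: copied files also show this
            msg += f" (last-write time predates creation by {(created - modified).days} days)"
        return ("high", msg)
    if attrs.startswith("d") and "s" in attrs and "h" in attrs and directory.startswith(r"c:\windows"):
        msg = f"hidden+system directory under Windows: {m['path']}"
        if "%" in name:
            msg += " (unexpanded environment-variable name used literally)"
        return ("high", msg)
    return None


def _check_proxy(m):
    """A WinINET proxy pointing at the loopback interface means a local process sees all HTTP."""
    for part in m["spec"].split(";"):             # entries look like "http=host:port" or "host:port"
        _, _, hostport = part.rpartition("=")
        host = hostport.rsplit(":", 1)[0]
        if host in LOOPBACK_HOSTS:
            return ("high", f"browser traffic routed through a local proxy: {part}")
    return None


def _check_policy(m):
    """UAC policy values that remove the elevation boundary."""
    name, value = m["name"], int(m["value"])
    if name == "EnableLUA" and value == 0:
        return ("medium", "UAC is disabled (EnableLUA=0); admin processes run fully elevated")
    if name == "ConsentPromptBehaviorAdmin" and value == 0:
        return ("medium", "administrators elevate without any prompt (ConsentPromptBehaviorAdmin=0)")
    if name == "PromptOnSecureDesktop" and value == 0:
        return ("low", "UAC prompts are not shown on the secure desktop (PromptOnSecureDesktop=0)")
    return None


def triage(lines):
    """Return (severity, message) findings for the given ComboFix log lines."""
    findings = []
    for line in lines:
        line = line.strip()
        for regex, check in ((FILE_RE, _check_file), (PROXY_RE, _check_proxy), (POLICY_RE, _check_policy)):
            m = regex.search(line)
            if m:
                hit = check(m)
                if hit:
                    findings.append(hit)
                break
    return findings


# Lines copied from the ComboFix log above; the two Windows DLL entries are benign controls.
SAMPLE_LOG = r"""
2012-01-20 19:24 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-17 20:07 . 2012-01-17 20:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-13 17:41 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-11 04:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:61737
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {message}")
```

Run against the sample it reports six findings: the misplaced svchost.exe, the hidden `%APPDATA%` directory, the loopback proxy, and the three UAC settings; the DLL control lines produce nothing. The proxy finding is the one to act on first after the rootkit is gone: until `ProxyServer` is cleared, or the process on port 61737 is identified, every IE request still passes through whatever was listening there.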

#11 Edmorf (Topic Starter)

  • Members
  • 30 posts
  • Gender:Male
  • Location:Tampa, Fl

Posted 23 January 2012 - 07:38 PM

Gringo, I need to go offline right now; I will update tomorrow.
Thanks for all the help so far.

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 08:47 PM

Hello

Next time you get that error, restart the computer.

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • press the "Windows key" + "R" (the Windows key sits between the "Ctrl" and "Alt" buttons)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo

#13 Edmorf (Topic Starter)

  • Members
  • 30 posts
  • Gender:Male
  • Location:Tampa, Fl

Posted 24 January 2012 - 01:42 PM

Hi gringo,

OK, I did as requested and here is the log:

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop CS5.1

Adobe Reader X (10.1.1)

Advanced SystemCare 4

Amazon Links

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDisplay 1.8

Chuzzle Deluxe

Compatibility Pack for the 2007 Office system

COMSOL 4.2

DAEMON Tools Lite

Dev-C++ 5 beta 9 release (4.9.9.2)

DjVu Solo 3.1

Dropbox

EA Installer

EA Shared Game Component: Activation

EndNote X2

Enemy Territory - Quake Wars™

Escape Rosecliff Island

FATE - The Traitor Soul

FEAR Ultimate Shooter

Free Mp3 Wma Converter V 2.1

GameSpy Comrade

gbrainy 1.65

German Grammar Made Easy

Google Chrome

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

IrfanView (remove only)

ISI ResearchSoft - Export Helper

Java Auto Updater

Java™ 6 Update 20

Java™ 6 Update 26

Jewel Quest 3

JMicron Flash Media Controller Driver

JMP 9

JMP Profiler Core

JMP Profiler GUI

K-Lite Codec Pack 6.9.0 (Full)

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Migration Package

LEGO MINDSTORMS NXT Software v2.0

Malwarebytes Anti-Malware version 1.60.0.1800

Mass Effect

Mass Effect 2

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 8.0 (x86 en-US)

NVIDIA PhysX

Origin

PDF Settings CS5

PDFlite 0.4

PDFLite Toolbar

Penguins!

Picasa 3

Polar Bowler

Quickbooks Financial Center

QuickTime

Real Alternative 2.0.2

Realtek Ethernet Controller Driver For Windows 7

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Secunia PSI (2.0.0.4003)

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

Skype Click to Call

Skype Launcher

Skype™ 5.5

Smart Defrag 2

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Utility Common Driver

Virtual Families

Virtual Villagers - The Secret City

WildTangent Games

WildTangent ORB Game Console

Winamp

Winamp Detector Plug-in

Windows Live Sync

Wolfram CDF Player (M-WIN-D 8.0.4 2609533)

Zuma's Revenge



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:03 AM

Posted 25 January 2012 - 07:54 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 20
Java™ 6 Update 26


and click on remove



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Edmorf

Edmorf
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Location:Tampa, Fl
  • Local time:09:03 AM

Posted 25 January 2012 - 11:08 AM

Hi gringo,

Ok, I did as requested. After installing the new version of Java (and getting rid of the previous two), I installed TFC, which got rid of many files. Then I ran Malwarebytes (updated to its latest version) with a fast scan, and here are the results (it found one trojan agent):

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eduardo :: TOSHI-MOROSHI [administrator]

1/25/2012 10:45:29 AM
mbam-log-2012-01-25 (10-45-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194316
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Later I ran HijackThis, and here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:15 AM, on 1/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eduardo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61737
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - Startup: Dropbox.lnk = Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for PDFLite Toolbar - Unknown owner - C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10914 bytes


This computer is now connected to the internet and apparently is running OK. I uninstalled Firefox because it wasn't working; now I am using Google Chrome.
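The point this whole topic turns on is visible in the Malwarebytes log above: the detected file is `C:\Windows\svchost.exe`, whereas the real svchost.exe lives under `C:\Windows\System32` (and `SysWOW64` on 64-bit Windows). A file that borrows a core Windows name but sits one directory up is the kind of thing a responder can check for mechanically. The script below is an added example, not code from this thread, from Malwarebytes or from HijackThis. It parses the two log formats shown above (MBAM "Files Detected" entries and HijackThis O4/O23/R1 lines) and flags three things for review: any MBAM detection, any executable path whose file name is in a small list of core Windows binaries but whose folder is not System32/SysWOW64, and any R1 ProxyServer entry. The list of core binary names, the regular expressions and the "review" categories are my own assumptions; the sample log is a subset of lines copied from the logs above plus one line constructed for the test and marked as such.

```python
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Binaries that Windows keeps only under System32 (or SysWOW64 on 64-bit).
# explorer.exe is deliberately absent: it legitimately lives in C:\Windows.
# This list is an assumption of the example, not something the thread states.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe"}
SYSTEM_DIRS = ("\\windows\\system32", "\\windows\\syswow64")

# A drive-letter path ending in .exe; non-greedy so trailing arguments
# such as "SVPwUTIL" or "-atboottime" in O4 lines are not swallowed.
EXE_PATH = re.compile(r"[a-z]:\\[^\"\r\n]+?\.exe", re.IGNORECASE)
# Malwarebytes "Files Detected" entry:  <path> (<Threat.Name>) -> <action>
MBAM_FILE = re.compile(r"^([a-z]:\\.+?) \(([^)]+)\) -> (.+)$", re.IGNORECASE)
# HijackThis R1 entry for a proxy server set in the user's Internet Settings
PROXY = re.compile(r"Internet Settings,ProxyServer = (.+)$")


def is_masquerading(path: str) -> bool:
    """True if the file name is a core Windows binary but the folder is not
    System32/SysWOW64, e.g. C:\\Windows\\svchost.exe from the MBAM log."""
    p = PureWindowsPath(path)
    if p.name.lower() not in CORE_BINARIES:
        return False
    parent = str(p.parent).lower()
    return not parent.endswith(SYSTEM_DIRS)


def triage(log_text: str) -> list[dict]:
    """Walk MBAM and HijackThis log lines and return findings for review.

    Each finding is a dict with a 'kind' of 'detection', 'proxy' or
    'masquerade'.  Nothing here decides that a line is malicious; it only
    collects the entries a responder would want to look at by hand."""
    findings: list[dict] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MBAM_FILE.match(line)
        if m:
            findings.append({"kind": "detection", "path": m.group(1),
                             "threat": m.group(2), "action": m.group(3)})
        m = PROXY.search(line)
        if m:
            findings.append({"kind": "proxy", "value": m.group(1), "line": line})
        for path in EXE_PATH.findall(line):
            if is_masquerading(path):
                findings.append({"kind": "masquerade", "path": path, "line": line})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per kind, for a quick overview of a log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


# Sample input: lines copied from the MBAM and HijackThis logs in this topic,
# plus one constructed O23 line (marked as such) to exercise the masquerade
# check on a path that never appeared in the thread.
SAMPLE_LOG = r"""
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61737
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Constructed Example Service - Unknown owner - C:\Users\Public\svchost.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["kind"].upper(), "-", f.get("path") or f.get("value"))
    print(summarize(results))
```

Running it on the sample prints one DETECTION and one MASQUERADE for `C:\Windows\svchost.exe`, one PROXY for the `127.0.0.1:61737` entry, and a second MASQUERADE for the constructed `C:\Users\Public\svchost.exe`; the `lsass.exe` line is not flagged because its folder is System32. The proxy and masquerade kinds are review prompts, not verdicts: a local proxy can be set by legitimate software, so the entry is worth identifying rather than assuming.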



