
Google keeps redirecting


This topic is locked
14 replies to this topic

#1 mandango

Posted 28 April 2012 - 02:08 AM

Hi there,
I was successful in fixing all the bugs from the Smart HDD virus following your instruction manuals, except for the Google redirects. I have tried a number of fixes to solve it, but none worked.

Note that the GMER scan came up with a nil report, hence no ark file is attached. Please also note that it only allowed me to check the boxes for services, registry, files and C:\.

Thanks for your help!
Kind regards,
Dan

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Chen at 15:56:58 on 2012-04-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3559.1682 [GMT 10:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.news.com.au/
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ReImage Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [adcbcaaefdacdct] "C:\ProgramData\adcbcaaefdacdct.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BD2C892E-6EC1-4CD6-B39C-F402F96C8BF2} : DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ReImage Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
BHO-X64: Update Timer - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
BHO-X64: script helper for ie - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun-x64: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-20 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120427.001\IDSviA64.sys [2012-4-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-16 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-16 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2012-4-15 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2012-4-15 126392]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-1-18 995744]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-8 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-16 138360]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-4-15 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-9 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-2 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 OlmarikFixer;Olmarik fixer kernel-mode driver;\??\C:\windows\system32\drivers\OlmarikFixer.sys --> C:\windows\system32\drivers\OlmarikFixer.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-28 05:20:25 -------- d-----w- C:\Users\Chen\AppData\Local\{38B993D1-F079-4512-B3B8-429E1CC2585F}
2012-04-28 05:12:01 -------- d-----w- C:\Users\Chen\AppData\Local\{600EB53C-EC07-4B08-9040-DB9698626CD6}
2012-04-28 01:11:07 -------- d-----w- C:\Users\Chen\AppData\Local\{07B7F389-4CB5-4CC1-B5EC-BD474F82A30A}
2012-04-27 12:37:03 -------- d-----w- C:\Users\Chen\AppData\Local\{46266ABA-E2F5-41FF-B1C0-8C29FC8DCC10}
2012-04-27 12:34:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-27 12:11:03 29000 ----a-w- C:\windows\System32\drivers\OlmarikFixer.sys
2012-04-27 10:46:23 110080 ----a-r- C:\Users\Chen\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-04-27 10:46:23 110080 ----a-r- C:\Users\Chen\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe
2012-04-27 10:46:23 110080 ----a-r- C:\Users\Chen\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe
2012-04-27 10:46:23 -------- d-----w- C:\sh4ldr
2012-04-27 10:46:23 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-27 10:46:01 -------- d-----w- C:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-27 10:45:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-27 09:58:34 -------- d-----w- C:\Users\Chen\AppData\Local\{4501426F-4B26-4528-B23E-3905DB84B493}
2012-04-26 10:27:44 -------- d-----w- C:\Users\Chen\AppData\Local\{0A69F058-5760-4E7B-8F67-2924418105F9}
2012-04-26 02:16:57 -------- d-----w- C:\Users\Chen\AppData\Local\Adobe
2012-04-26 00:13:13 -------- d-----w- C:\Users\Chen\AppData\Local\{F4250AD5-78B4-420E-946B-89C7D7999E7A}
2012-04-25 09:39:58 -------- d-----w- C:\Users\Chen\AppData\Local\{1B9CAE99-EB28-47DA-A23E-D7C3A9FD6BF6}
2012-04-25 08:28:36 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\DXSETUP.exe
2012-04-25 08:28:36 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\68d12cc31cd22bd02\MeshBetaRemover.exe
2012-04-25 08:28:35 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\DSETUP.dll
2012-04-25 08:28:35 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\dsetup32.dll
2012-04-25 08:28:25 -------- d-----w- C:\Users\Chen\AppData\Local\{87285B9E-4FEA-4AF3-8FE0-E21532721338}
2012-04-25 08:27:16 -------- d-----w- C:\Users\Chen\AppData\Local\{46FE0C69-0E00-4924-9699-545AF4F308E1}
2012-04-25 05:03:11 -------- d-----w- C:\Users\Chen\AppData\Local\{532C22E4-ECDD-4261-86F9-E9F2EA1D4AD5}
2012-04-24 22:02:32 -------- d-----w- C:\Users\Chen\AppData\Local\{B99F9843-91FD-4F4F-B805-F6CC2ECE06F6}
2012-04-24 13:03:09 -------- d-----w- C:\Users\Chen\AppData\Local\{80FCC312-E0F7-4707-AEC3-AC1B13D6637D}
2012-04-24 08:07:53 -------- d-----w- C:\Users\Chen\AppData\Local\Tific
2012-04-22 03:50:56 -------- d-----w- C:\Users\Chen\AppData\Local\{7DFC677B-D455-4190-A8D1-9C8403603604}
2012-04-22 01:01:05 -------- d-----w- C:\Users\Chen\AppData\Local\{4A8DFB3C-BE91-4A3F-B3D3-C167BC86A6BA}
2012-04-21 11:21:30 -------- d-----w- C:\Users\Chen\AppData\Local\{B29A6FA3-547A-4E63-A2C5-72013F65EA93}
2012-04-21 06:57:41 -------- d-----w- C:\Users\Chen\AppData\Local\{266369A8-F569-422C-A214-6D6AA66F8C3A}
2012-04-20 22:54:11 -------- d-----w- C:\Users\Chen\AppData\Local\{EB7DDF92-CD73-44F2-A80A-AFE68A9F32BC}
2012-04-20 10:33:38 -------- d-----w- C:\Users\Chen\AppData\Local\{696478B4-4700-40E7-9505-18A3CF5C5F79}
2012-04-19 10:50:38 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-04-19 09:35:12 -------- d-----w- C:\Users\Chen\AppData\Local\{572EA269-C8B0-4296-95A5-F994AFA2FE80}
2012-04-18 11:38:12 -------- d-----w- C:\Users\Chen\AppData\Roaming\SoftGrid Client
2012-04-18 11:38:12 -------- d-----w- C:\Users\Chen\AppData\Local\SoftGrid Client
2012-04-18 11:37:15 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-04-18 11:36:56 -------- d-----w- C:\Users\Chen\AppData\Roaming\TP
2012-04-18 10:54:50 -------- d-----w- C:\Users\Chen\AppData\Local\{8B2B324A-B2DC-4E3F-BD59-12B436AF71AC}
2012-04-16 22:23:07 -------- d-----w- C:\Users\Chen\AppData\Local\{FE3076B6-63E3-4870-A841-6875BCD5457E}
2012-04-16 11:41:40 -------- d-----w- C:\Users\Chen\AppData\Local\{42A031F3-8E4D-4B09-8677-668204A2EDC4}
2012-04-16 10:53:14 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symefa64.sys
2012-04-16 10:53:14 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symds64.sys
2012-04-16 10:53:14 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symnets.sys
2012-04-16 10:53:13 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtsp64.sys
2012-04-16 10:53:13 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtspx64.sys
2012-04-16 10:53:13 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\ironx64.sys
2012-04-16 10:53:02 -------- d-----w- C:\windows\System32\drivers\NISx64\1207010.003
2012-04-16 07:30:06 -------- d-----w- C:\Users\Chen\AppData\Local\{DFC6BC12-F817-4D6C-9412-FC7FAE60A6A2}
2012-04-16 07:21:30 -------- d-----w- C:\windows\SysWow64\Wat
2012-04-16 07:21:30 -------- d-----w- C:\windows\System32\Wat
2012-04-16 07:09:59 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-16 06:21:35 -------- d-----w- C:\Users\Chen\AppData\Roaming\Malwarebytes
2012-04-16 06:21:15 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-16 06:21:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 06:21:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-16 05:59:44 -------- d-----w- C:\rei
2012-04-16 05:59:40 -------- d-----w- C:\Program Files\Reimage
2012-04-16 05:59:37 -------- d-----w- C:\Program Files (x86)\ReImageCompanion
2012-04-16 04:20:58 -------- d-----w- C:\Users\Chen\AppData\Local\{55465910-02B7-48BB-ABF9-48DB6E68585F}
2012-04-16 03:45:07 -------- d-----w- C:\Users\Chen\AppData\Roaming\Tific
2012-04-16 03:08:21 -------- d-----w- C:\Users\Chen\AppData\Local\{5B7EC2D2-5929-4B05-B927-997B1C0B8201}
2012-04-16 02:45:11 -------- d-----w- C:\Users\Chen\AppData\Local\{9415C0B6-496F-4612-A864-A730B5C360C6}
2012-04-16 02:28:43 90112 ----a-w- C:\ProgramData\adcbcaaefdacdct.exe
2012-04-16 00:11:40 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-15 23:00:59 427520 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2012-04-15 22:59:37 421888 ----a-w- C:\windows\System32\KernelBase.dll
2012-04-15 22:58:52 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-04-15 22:58:52 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-04-15 22:57:14 -------- d-----w- C:\Users\Chen\AppData\Local\{F90F0E8A-67EA-4084-B021-424021A68321}
2012-04-15 21:15:02 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-15 21:15:02 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-15 21:15:02 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-15 21:15:02 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-15 21:15:02 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-15 21:15:02 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-15 21:15:02 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-15 21:13:20 77312 ----a-w- C:\windows\System32\packager.dll
2012-04-15 21:13:20 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-04-15 21:04:33 -------- d-----w- C:\Users\Chen\AppData\Local\{EAC0DDA8-BAEC-488A-A5AA-BB6320820172}
2012-04-15 14:06:38 -------- d-----w- C:\Users\Chen\AppData\Local\{09C25146-AEC4-4852-B2FD-5554469B53E6}
2012-04-15 12:36:57 -------- d-----w- C:\Users\Chen\AppData\Local\Windows Live
2012-04-15 12:33:20 -------- d-----w- C:\Users\Chen\AppData\Roaming\Windows Live Writer
2012-04-15 12:33:20 -------- d-----w- C:\Users\Chen\AppData\Local\Windows Live Writer
2012-04-15 12:32:20 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-15 12:32:19 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-15 12:32:19 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-15 12:32:18 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-04-15 12:32:18 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-04-15 12:32:18 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-15 12:32:18 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-04-15 12:28:32 -------- d-----w- C:\Users\Chen\AppData\Local\ATI
2012-04-15 12:28:23 -------- d-----w- C:\Users\Chen\AppData\Local\Toshiba
2012-04-15 12:27:10 -------- d-----w- C:\Users\Chen\AppData\Local\VirtualStore
2012-04-15 11:04:17 -------- d-----w- C:\ProgramData\Symantec
2012-04-15 11:04:17 -------- d-----w- C:\Program Files (x86)\Symantec
2012-04-15 11:03:58 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64\0200030.0CA
2012-04-15 11:03:58 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64
2012-04-15 11:03:58 -------- d-----w- C:\Program Files\Norton PC Checkup
2012-04-15 11:03:58 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
2012-04-15 11:03:31 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-15 11:03:31 -------- d-----w- C:\Program Files\Symantec
2012-04-15 11:03:31 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-04-15 11:03:00 -------- d-----w- C:\windows\System32\drivers\NISx64
2012-04-15 11:02:58 -------- d-----w- C:\ProgramData\Norton
2012-04-15 11:02:58 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-04-15 11:01:59 -------- d-----w- C:\ProgramData\NortonInstaller
2012-04-15 11:01:59 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-04-15 11:01:45 -------- d-----w- C:\Program Files (x86)\Amazon
2012-04-15 11:01:20 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-15 10:59:04 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-04-15 10:56:45 -------- d-----w- C:\ProgramData\WildTangent
2012-04-15 10:56:45 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2012-04-15 10:56:45 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games
2012-04-15 10:52:19 138656 ----a-w- C:\windows\System32\TODDSrv.exe
2012-04-15 10:51:41 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation
2012-04-15 10:47:37 14112 ----a-w- C:\windows\System32\drivers\regi.sys
2012-04-15 10:47:23 -------- d-----w- C:\Program Files (x86)\Common Files\InterVideo
2012-04-15 10:46:45 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2012-04-15 10:46:30 -------- d-----w- C:\ProgramData\Corel
2012-04-15 10:46:30 -------- d-----w- C:\Program Files (x86)\Corel
2012-04-15 10:44:16 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared
2012-04-15 10:44:12 482384 ----a-w- C:\windows\System32\drivers\tos_sps64.sys
2012-04-15 10:44:10 4178264 ----a-w- C:\windows\SysWow64\D3DX9_41.dll
2012-04-15 10:43:49 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2012-04-15 10:38:11 99320 ----a-w- C:\windows\System32\tosWirelessLANIndicatorCP.dll
2012-04-15 10:37:43 -------- d-----w- C:\windows\SysWow64\sda
2012-04-15 10:37:35 307304 ----a-w- C:\windows\System32\drivers\rtsuvstor.sys
2012-04-15 10:37:35 250984 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2012-04-15 10:37:34 9888360 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2012-04-15 10:37:34 422504 ----a-w- C:\windows\System32\RtsUStor.dll
2012-04-15 10:37:34 -------- d-----w- C:\Program Files (x86)\Realtek
2012-04-15 10:36:50 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2012-04-15 10:35:58 40832 ----a-w- C:\windows\System32\drivers\TosBtCi.dll
2012-04-15 10:35:01 42096 ----a-r- C:\windows\System32\drivers\btfilter.sys
2012-04-15 10:34:20 -------- d-----w- C:\Program Files (x86)\TOH Class Filter
2012-04-15 10:32:28 -------- d-----w- C:\Program Files\Synaptics
2012-04-15 10:31:21 63648 ----a-w- C:\windows\System32\athihvui.dll
2012-04-15 10:31:21 443040 ----a-w- C:\windows\System32\athihvs.dll
2012-04-15 10:31:21 2675712 ----a-w- C:\windows\System32\drivers\athrx.sys
2012-04-15 10:31:21 -------- d-----w- C:\windows\System32\nn-NO
2012-04-15 10:31:21 -------- d-----w- C:\windows\Options
2012-04-15 10:31:21 -------- d-----w- C:\Program Files (x86)\Atheros
2012-04-15 10:30:34 -------- d-----w- C:\ProgramData\Atheros
2012-04-15 10:28:00 -------- d-----w- C:\Program Files\CONEXANT
2012-04-15 10:25:45 116752 ----a-w- C:\windows\System32\drivers\AtihdW76.sys
2012-04-15 10:22:42 -------- d-----w- C:\Program Files (x86)\Toshiba
2012-04-15 10:22:11 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2012-04-15 10:22:11 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2012-04-15 10:21:18 0 ----a-w- C:\windows\ativpsrm.bin
2012-04-15 10:20:12 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-04-15 10:20:12 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-15 10:16:22 -------- d-----w- C:\TOSHIBA
2012-04-15 10:15:36 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 15:57:56.48 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM
Posted 28 April 2012 - 02:21 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mandango

  • Topic Starter
  • Members
  • 15 posts
  • Local time:02:25 AM
Posted 29 April 2012 - 02:55 AM

Hi Gringo

Thanks for getting back so quick.
I ran combofix and it seems to have done the trick. Tried both Google and Bing a dozen times without any issues. I keep my fingers crossed, and if you don't hear from me over the next couple of days it should be all good, unless you see something else that needs attention in the combofix log below.

Thanks a million and best regards
Dan

ComboFix 12-04-28.01 - Chen 29/04/2012 16:39:32.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3559.2056 [GMT 10:00]
Running from: c:\users\Chen\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\adcbcaaefdacdct.exe
c:\programdata\bCCcUpqSkJDinQ
c:\users\Chen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
c:\users\Chen\Desktop\SMART_HDD.lnk
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 06:57 . 2012-04-29 06:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 12:34 . 2012-04-27 12:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-27 12:11 . 2012-04-27 12:11 29000 ----a-w- c:\windows\system32\drivers\OlmarikFixer.sys
2012-04-27 10:46 . 2012-04-27 10:46 -------- d-----w- C:\sh4ldr
2012-04-27 10:46 . 2012-04-27 10:46 -------- d-----w- c:\program files\Enigma Software Group
2012-04-27 10:46 . 2012-04-27 10:46 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-27 10:45 . 2012-04-27 10:45 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-25 08:28 . 2012-04-25 08:28 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\DXSETUP.exe
2012-04-25 08:28 . 2012-04-25 08:28 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\68d12cc31cd22bd02\MeshBetaRemover.exe
2012-04-25 08:28 . 2012-04-25 08:28 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\DSETUP.dll
2012-04-25 08:28 . 2012-04-25 08:28 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\dsetup32.dll
2012-04-19 10:50 . 2012-04-20 07:43 -------- d-----w- c:\programdata\VirtualizedApplications
2012-04-18 11:37 . 2012-04-19 12:20 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\windows\system32\Wat
2012-04-16 07:09 . 2012-04-16 07:09 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-16 06:21 . 2012-04-16 06:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 06:21 . 2012-04-16 06:21 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 06:21 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-16 05:59 . 2012-04-16 06:01 -------- d-----w- C:\rei
2012-04-16 05:59 . 2012-04-16 05:59 -------- d-----w- c:\program files\Reimage
2012-04-16 05:59 . 2012-04-16 05:59 -------- d-----w- c:\program files (x86)\ReImageCompanion
2012-04-16 00:11 . 2012-04-16 00:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-15 23:00 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-04-15 22:59 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-04-15 22:58 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-15 22:58 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-15 21:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 21:15 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 21:15 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-15 21:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 21:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-15 21:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-15 21:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-15 21:13 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-15 21:13 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-15 12:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-15 12:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-15 12:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-15 12:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-15 12:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-15 12:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-15 12:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-15 12:24 . 2012-04-15 12:24 -------- d-----w- c:\users\Public\Symantec
2012-04-15 12:24 . 2012-04-28 05:46 -------- d-----w- c:\users\Chen
2012-04-15 11:04 . 2012-04-15 11:04 -------- d-----w- c:\programdata\Symantec
2012-04-15 11:04 . 2012-04-15 11:04 -------- d-----w- c:\program files (x86)\Symantec
2012-04-15 11:03 . 2012-04-15 11:04 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\program files\Norton PC Checkup
2012-04-15 11:03 . 2012-04-15 23:22 -------- d-----w- c:\program files\Symantec
2012-04-15 11:03 . 2012-04-15 23:22 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-15 11:03 . 2012-04-16 22:19 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-04-15 11:02 . 2012-04-15 12:26 -------- d-----w- c:\programdata\Norton
2012-04-15 11:02 . 2012-04-15 11:03 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-04-15 11:01 . 2012-04-15 11:03 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-15 11:01 . 2012-04-15 11:01 -------- d-----w- c:\program files (x86)\Amazon
2012-04-15 11:01 . 2012-04-15 11:01 -------- d-----r- c:\program files (x86)\Skype
2012-04-15 11:01 . 2012-04-15 11:01 -------- d-----w- c:\programdata\Skype
2012-04-15 10:59 . 2012-04-15 10:59 -------- d-----w- c:\program files (x86)\Microsoft
2012-04-15 10:56 . 2012-04-15 21:06 -------- d-----w- c:\programdata\WildTangent
2012-04-15 10:56 . 2012-04-15 10:58 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2012-04-15 10:56 . 2012-04-15 10:56 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-04-15 10:53 . 2012-04-15 10:53 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-15 10:52 . 2010-10-20 21:41 138656 ----a-w- c:\windows\system32\TODDSrv.exe
2012-04-15 10:51 . 2012-04-15 10:51 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2012-04-15 10:47 . 2007-04-17 18:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys
2012-04-15 10:47 . 2012-04-15 10:47 -------- d-----w- c:\program files (x86)\Common Files\InterVideo
2012-04-15 10:46 . 2012-04-15 10:46 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-04-15 10:46 . 2012-04-15 10:46 -------- d-----w- c:\programdata\Corel
2012-04-15 10:46 . 2012-04-15 10:46 -------- d-----w- c:\program files (x86)\Corel
2012-04-15 10:44 . 2012-04-15 10:44 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-04-15 10:44 . 2011-04-26 03:51 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-04-15 10:44 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-04-15 10:43 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-04-15 10:39 . 2012-04-15 10:58 -------- d-----w- c:\programdata\TOSHIBA
2012-04-15 10:38 . 2011-02-17 23:42 99320 ----a-w- c:\windows\system32\tosWirelessLANIndicatorCP.dll
2012-04-15 10:37 . 2012-04-15 10:37 -------- d-----w- c:\windows\SysWow64\sda
2012-04-15 10:37 . 2010-12-01 23:12 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-04-15 10:37 . 2010-11-30 21:40 307304 ----a-w- c:\windows\system32\drivers\rtsuvstor.sys
2012-04-15 10:37 . 2012-04-15 10:37 -------- d-----w- c:\program files (x86)\Realtek
2012-04-15 10:37 . 2010-12-01 23:12 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-04-15 10:37 . 2010-12-01 23:12 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-04-15 10:36 . 2012-04-15 10:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-04-15 10:35 . 2009-06-19 04:42 40832 ----a-w- c:\windows\system32\drivers\TosBtCi.dll
2012-04-15 10:35 . 2010-10-18 21:14 42096 ----a-r- c:\windows\system32\drivers\btfilter.sys
2012-04-15 10:34 . 2012-04-15 10:34 -------- d-----w- c:\program files (x86)\TOH Class Filter
2012-04-15 10:32 . 2012-04-15 10:32 -------- d-----w- c:\program files\Synaptics
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\windows\system32\nn-NO
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\windows\Options
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\program files (x86)\Atheros
2012-04-15 10:31 . 2010-12-21 02:20 63648 ----a-w- c:\windows\system32\athihvui.dll
2012-04-15 10:31 . 2010-12-21 02:20 443040 ----a-w- c:\windows\system32\athihvs.dll
2012-04-15 10:31 . 2010-12-18 02:46 2675712 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-04-15 10:30 . 2012-04-15 10:31 -------- d-----w- c:\programdata\Atheros
2012-04-15 10:28 . 2012-04-15 10:28 -------- d-----w- c:\program files\CONEXANT
2012-04-15 10:25 . 2010-09-24 14:46 116752 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-04-15 10:22 . 2012-04-15 10:53 -------- d-----w- c:\program files (x86)\Toshiba
2012-04-15 10:22 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-04-15 10:22 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-04-15 10:21 . 2012-04-15 10:21 -------- d-----w- c:\programdata\ATI
2012-04-15 10:21 . 2012-04-15 10:21 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-15 10:20 . 2012-04-15 10:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-15 10:20 . 2012-04-15 10:20 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-15 10:16 . 2012-04-15 11:04 -------- d-----w- C:\TOSHIBA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 12:35 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-24 336384]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-04 1110360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 OlmarikFixer;Olmarik fixer kernel-mode driver;c:\windows\system32\drivers\OlmarikFixer.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-04-12 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2010-02-02 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2009-08-24 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-15 138360]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-adcbcaaefdacdct - c:\programdata\adcbcaaefdacdct.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
SafeBoot-15231349.sys
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-29 17:21:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 07:21
.
Pre-Run: 585,139,679,232 bytes free
Post-Run: 584,998,051,840 bytes free
.
- - End Of File - - BC6905D80FCAD06069AB1A16797E6385

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 29 April 2012 - 05:29 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here to donate. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
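An added example, not part of gringo_pr's post and not a BleepingComputer or Kaspersky tool, for reading the TDSSKiller report the steps above produce. TDSSKiller writes one inventory line per scanned object (name, MD5, path) followed by a verdict line (name - ok), in the layout pasted later in this thread. The helper below pairs the two, then reports what a malware-removal helper actually wants to see: every object whose verdict is not "ok", every object that was inventoried but never received a verdict (the scan was interrupted or the paste was cut off), and, for orientation only, "ok" objects loaded from outside C:\windows. The sample log mixes real lines from this thread with constructed ones; the volsnap and \Device\Harddisk0\DR0 verdicts and the detection name "Rootkit.Boot.Example" are made up to exercise the non-ok path and are not findings on the poster's machine.

```python
"""Triage a TDSSKiller text log.

Added example for this thread, not a BleepingComputer or Kaspersky tool. It
parses the log layout pasted in the thread (timestamp, pid, message), pairs
each scanned object's inventory line (name, MD5, path) with its verdict line
(name - verdict), and buckets the results the way a helper reads them.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "21:32:55.0570 5152 1394ohci - ok"  ->  ts, pid, msg
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.+)$")
# "1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys"
INVENTORY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "1394ohci - ok"   or   "volsnap - detected Forged file ( 1 )"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Map object name -> ScannedObject, merging inventory and verdict lines."""
    objects: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, banner text, or not in TDSSKiller's format
        msg = m.group("msg")
        inv = INVENTORY_RE.match(msg)
        if inv:
            obj = objects.setdefault(inv["name"], ScannedObject(inv["name"]))
            obj.md5, obj.path = inv["md5"], inv["path"]
            continue
        ver = VERDICT_RE.match(msg)
        # "Drive \Device\... - Size: ..." is disk geometry, not a verdict
        if ver and not ver["name"].startswith("Drive "):
            obj = objects.setdefault(ver["name"], ScannedObject(ver["name"]))
            obj.verdict = ver["verdict"]
    return objects


def triage(objects: Dict[str, ScannedObject]) -> Dict[str, List[str]]:
    """Bucket objects: flagged (verdict != ok), no_verdict (scan/paste cut
    off), third_party (ok, but loaded from outside C:\\windows; worth a look,
    not a detection)."""
    report: Dict[str, List[str]] = {"flagged": [], "no_verdict": [], "third_party": []}
    for name, obj in objects.items():
        if obj.verdict is None:
            report["no_verdict"].append(name)
        elif obj.verdict != "ok":
            report["flagged"].append(f"{name}: {obj.verdict}")
        elif obj.path and not obj.path.lower().startswith(WINDOWS_DIR):
            report["third_party"].append(f"{name}: {obj.path}")
    return report


# Constructed sample: the 1394ohci, catchme and MBAMService lines are from the
# thread's own log; the volsnap verdict, the DR0 line, its detection name and
# the trailing inventory-only NdisWan line are made up here to exercise the
# non-"ok" and truncated-log paths (they are NOT findings on the poster's PC).
SAMPLE_LOG = r"""
21:32:36.0912 5152 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200
21:32:53.0043 2220 Scan started
21:32:55.0570 2220 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:32:55.0570 2220 1394ohci - ok
21:32:59.0361 2220 catchme - ok
21:33:06.0131 2220 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:33:06.0147 2220 MBAMService - ok
21:33:08.0001 2220 volsnap (0123456789abcdef0123456789abcdef) C:\windows\system32\drivers\volsnap.sys
21:33:08.0002 2220 volsnap - detected Forged file ( 1 )
21:33:09.0000 2220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example ( 0 )
21:33:07.0878 2220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{bucket}:")
        for item in items:
            print("   ", item)
```

Run it against a saved report with `triage(parse_tdsskiller_log(open(path).read()))`. The "third_party" bucket will legitimately contain Norton definition drivers, Malwarebytes and vendor services like the ones in this thread; it exists so a reader checks vendor paths first rather than scrolling hundreds of "ok" lines, and an empty "flagged" bucket with a non-empty "no_verdict" bucket means the log is incomplete and should be re-captured, not read as clean.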

#5 mandango

mandango
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:25 AM

Posted 29 April 2012 - 06:59 AM

hi gringo

The reports from TDSSKiller and aswMBR are pasted below.

best regards
Dan



21:32:33.0933 5152 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:32:35.0181 5152 ============================================================
21:32:35.0181 5152 Current date / time: 2012/04/29 21:32:35.0181
21:32:35.0181 5152 SystemInfo:
21:32:35.0181 5152
21:32:35.0181 5152 OS Version: 6.1.7601 ServicePack: 1.0
21:32:35.0181 5152 Product type: Workstation
21:32:35.0181 5152 ComputerName: CHEN-PC
21:32:35.0181 5152 UserName: Chen
21:32:35.0181 5152 Windows directory: C:\windows
21:32:35.0181 5152 System windows directory: C:\windows
21:32:35.0181 5152 Running under WOW64
21:32:35.0181 5152 Processor architecture: Intel x64
21:32:35.0181 5152 Number of processors: 4
21:32:35.0181 5152 Page size: 0x1000
21:32:35.0181 5152 Boot type: Normal boot
21:32:35.0181 5152 ============================================================
21:32:36.0912 5152 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:32:36.0928 5152 ============================================================
21:32:36.0928 5152 \Device\Harddisk0\DR0:
21:32:36.0928 5152 MBR partitions:
21:32:36.0928 5152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48AE1800
21:32:36.0928 5152 ============================================================
21:32:36.0959 5152 C: <-> \Device\Harddisk0\DR0\Partition0
21:32:36.0959 5152 ============================================================
21:32:36.0959 5152 Initialize success
21:32:36.0959 5152 ============================================================
21:32:53.0043 2220 ============================================================
21:32:53.0043 2220 Scan started
21:32:53.0043 2220 Mode: Manual;
21:32:53.0043 2220 ============================================================
21:32:55.0570 2220 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:32:55.0570 2220 1394ohci - ok
21:32:55.0632 2220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:32:55.0648 2220 ACPI - ok
21:32:55.0663 2220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:32:55.0663 2220 AcpiPmi - ok
21:32:55.0741 2220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
21:32:55.0741 2220 adp94xx - ok
21:32:55.0773 2220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
21:32:55.0773 2220 adpahci - ok
21:32:55.0804 2220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
21:32:55.0804 2220 adpu320 - ok
21:32:55.0819 2220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:32:55.0819 2220 AeLookupSvc - ok
21:32:55.0866 2220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:32:55.0882 2220 AFD - ok
21:32:55.0913 2220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:32:55.0913 2220 agp440 - ok
21:32:55.0929 2220 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:32:55.0929 2220 ALG - ok
21:32:55.0960 2220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:32:55.0960 2220 aliide - ok
21:32:56.0022 2220 AMD External Events Utility (1a79b2153a4827e719dbec3049e2e363) C:\windows\system32\atiesrxx.exe
21:32:56.0022 2220 AMD External Events Utility - ok
21:32:56.0038 2220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:32:56.0038 2220 amdide - ok
21:32:56.0069 2220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
21:32:56.0085 2220 AmdK8 - ok
21:32:56.0584 2220 amdkmdag (0b1f1b34307ff83fb771bfedcd47fc8d) C:\windows\system32\DRIVERS\atikmdag.sys
21:32:56.0802 2220 amdkmdag - ok
21:32:56.0958 2220 amdkmdap (253a2752d51458f504dfd174d7529301) C:\windows\system32\DRIVERS\atikmpag.sys
21:32:56.0958 2220 amdkmdap - ok
21:32:57.0005 2220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:32:57.0005 2220 AmdPPM - ok
21:32:57.0052 2220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:32:57.0052 2220 amdsata - ok
21:32:57.0083 2220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
21:32:57.0083 2220 amdsbs - ok
21:32:57.0099 2220 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:32:57.0114 2220 amdxata - ok
21:32:57.0145 2220 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:32:57.0145 2220 AppID - ok
21:32:57.0177 2220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:32:57.0192 2220 AppIDSvc - ok
21:32:57.0223 2220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:32:57.0223 2220 Appinfo - ok
21:32:57.0301 2220 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
21:32:57.0301 2220 arc - ok
21:32:57.0317 2220 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
21:32:57.0317 2220 arcsas - ok
21:32:57.0364 2220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:32:57.0364 2220 AsyncMac - ok
21:32:57.0364 2220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:32:57.0364 2220 atapi - ok
21:32:57.0535 2220 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys
21:32:57.0598 2220 athr - ok
21:32:57.0754 2220 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\windows\system32\drivers\AtihdW76.sys
21:32:57.0754 2220 AtiHDAudioService - ok
21:32:57.0816 2220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:32:57.0832 2220 AudioEndpointBuilder - ok
21:32:57.0832 2220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:32:57.0832 2220 AudioSrv - ok
21:32:57.0879 2220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
21:32:57.0879 2220 AxInstSV - ok
21:32:57.0941 2220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
21:32:57.0957 2220 b06bdrv - ok
21:32:57.0988 2220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:32:58.0003 2220 b57nd60a - ok
21:32:58.0081 2220 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:32:58.0097 2220 BBSvc - ok
21:32:58.0144 2220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:32:58.0159 2220 BDESVC - ok
21:32:58.0206 2220 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:32:58.0206 2220 Beep - ok
21:32:58.0284 2220 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
21:32:58.0284 2220 BFE - ok
21:32:58.0487 2220 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
21:32:58.0503 2220 BHDrvx64 - ok
21:32:58.0690 2220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
21:32:58.0721 2220 BITS - ok
21:32:58.0799 2220 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:32:58.0799 2220 blbdrive - ok
21:32:58.0861 2220 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:32:58.0861 2220 bowser - ok
21:32:58.0908 2220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
21:32:58.0924 2220 BrFiltLo - ok
21:32:58.0939 2220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
21:32:58.0955 2220 BrFiltUp - ok
21:32:59.0002 2220 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
21:32:59.0017 2220 BridgeMP - ok
21:32:59.0064 2220 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
21:32:59.0064 2220 Browser - ok
21:32:59.0111 2220 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:32:59.0111 2220 Brserid - ok
21:32:59.0142 2220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:32:59.0142 2220 BrSerWdm - ok
21:32:59.0158 2220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:32:59.0158 2220 BrUsbMdm - ok
21:32:59.0173 2220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:32:59.0173 2220 BrUsbSer - ok
21:32:59.0220 2220 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
21:32:59.0220 2220 BtFilter - ok
21:32:59.0251 2220 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
21:32:59.0251 2220 BTHMODEM - ok
21:32:59.0298 2220 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:32:59.0314 2220 bthserv - ok
21:32:59.0361 2220 catchme - ok
21:32:59.0407 2220 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:32:59.0407 2220 cdfs - ok
21:32:59.0454 2220 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
21:32:59.0454 2220 cdrom - ok
21:32:59.0501 2220 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:32:59.0501 2220 CertPropSvc - ok
21:32:59.0595 2220 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
21:32:59.0610 2220 cfWiMAXService - ok
21:32:59.0673 2220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
21:32:59.0673 2220 circlass - ok
21:32:59.0719 2220 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:32:59.0735 2220 CLFS - ok
21:32:59.0797 2220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:32:59.0797 2220 clr_optimization_v2.0.50727_32 - ok
21:32:59.0844 2220 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:32:59.0844 2220 clr_optimization_v2.0.50727_64 - ok
21:32:59.0922 2220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:32:59.0938 2220 clr_optimization_v4.0.30319_32 - ok
21:32:59.0985 2220 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:32:59.0985 2220 clr_optimization_v4.0.30319_64 - ok
21:33:00.0031 2220 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:33:00.0031 2220 CmBatt - ok
21:33:00.0047 2220 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:33:00.0047 2220 cmdide - ok
21:33:00.0109 2220 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:33:00.0109 2220 CNG - ok
21:33:00.0234 2220 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys
21:33:00.0265 2220 CnxtHdAudService - ok
21:33:00.0390 2220 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
21:33:00.0390 2220 Compbatt - ok
21:33:00.0437 2220 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
21:33:00.0453 2220 CompositeBus - ok
21:33:00.0468 2220 COMSysApp - ok
21:33:00.0546 2220 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
21:33:00.0562 2220 ConfigFree Service - ok
21:33:00.0609 2220 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
21:33:00.0609 2220 crcdisk - ok
21:33:00.0671 2220 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
21:33:00.0671 2220 CryptSvc - ok
21:33:00.0811 2220 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:33:00.0811 2220 cvhsvc - ok
21:33:00.0905 2220 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:33:00.0905 2220 DcomLaunch - ok
21:33:00.0967 2220 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:33:00.0983 2220 defragsvc - ok
21:33:01.0061 2220 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:33:01.0061 2220 DfsC - ok
21:33:01.0139 2220 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
21:33:01.0139 2220 Dhcp - ok
21:33:01.0170 2220 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:33:01.0186 2220 discache - ok
21:33:01.0233 2220 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
21:33:01.0233 2220 Disk - ok
21:33:01.0279 2220 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
21:33:01.0279 2220 Dnscache - ok
21:33:01.0311 2220 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
21:33:01.0326 2220 dot3svc - ok
21:33:01.0342 2220 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
21:33:01.0342 2220 DPS - ok
21:33:01.0389 2220 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:33:01.0389 2220 drmkaud - ok
21:33:01.0435 2220 DXGKrnl (85dbf6ec7bdfa6187f4a1ec8f3145cd0) C:\windows\System32\drivers\dxgkrnl.sys
21:33:01.0451 2220 DXGKrnl - ok
21:33:01.0482 2220 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:33:01.0482 2220 EapHost - ok
21:33:01.0669 2220 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
21:33:01.0716 2220 ebdrv - ok
21:33:01.0794 2220 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:33:01.0810 2220 eeCtrl - ok
21:33:01.0888 2220 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
21:33:01.0903 2220 EFS - ok
21:33:01.0997 2220 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
21:33:02.0013 2220 ehRecvr - ok
21:33:02.0044 2220 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:33:02.0044 2220 ehSched - ok
21:33:02.0122 2220 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
21:33:02.0122 2220 elxstor - ok
21:33:02.0215 2220 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:33:02.0215 2220 EraserUtilRebootDrv - ok
21:33:02.0231 2220 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:33:02.0231 2220 ErrDev - ok
21:33:02.0278 2220 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:33:02.0293 2220 EventSystem - ok
21:33:02.0340 2220 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:33:02.0356 2220 exfat - ok
21:33:02.0371 2220 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:33:02.0387 2220 fastfat - ok
21:33:02.0465 2220 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
21:33:02.0481 2220 Fax - ok
21:33:02.0512 2220 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
21:33:02.0512 2220 fdc - ok
21:33:02.0543 2220 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:33:02.0559 2220 fdPHost - ok
21:33:02.0574 2220 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:33:02.0590 2220 FDResPub - ok
21:33:02.0637 2220 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:33:02.0637 2220 FileInfo - ok
21:33:02.0637 2220 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:33:02.0652 2220 Filetrace - ok
21:33:02.0668 2220 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
21:33:02.0668 2220 flpydisk - ok
21:33:02.0715 2220 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:33:02.0715 2220 FltMgr - ok
21:33:02.0777 2220 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
21:33:02.0793 2220 FontCache - ok
21:33:02.0902 2220 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:33:02.0902 2220 FontCache3.0.0.0 - ok
21:33:02.0949 2220 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:33:02.0949 2220 FsDepends - ok
21:33:02.0995 2220 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
21:33:02.0995 2220 fssfltr - ok
21:33:03.0136 2220 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:33:03.0151 2220 fsssvc - ok
21:33:03.0276 2220 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
21:33:03.0276 2220 Fs_Rec - ok
21:33:03.0339 2220 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:33:03.0339 2220 fvevol - ok
21:33:03.0370 2220 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
21:33:03.0370 2220 gagp30kx - ok
21:33:03.0463 2220 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:33:03.0463 2220 GamesAppService - ok
21:33:03.0541 2220 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
21:33:03.0557 2220 gpsvc - ok
21:33:03.0588 2220 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:33:03.0588 2220 hcw85cir - ok
21:33:03.0651 2220 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:33:03.0651 2220 HdAudAddService - ok
21:33:03.0697 2220 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:33:03.0697 2220 HDAudBus - ok
21:33:03.0713 2220 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
21:33:03.0713 2220 HidBatt - ok
21:33:03.0744 2220 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
21:33:03.0744 2220 HidBth - ok
21:33:03.0775 2220 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
21:33:03.0791 2220 HidIr - ok
21:33:03.0822 2220 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
21:33:03.0822 2220 hidserv - ok
21:33:03.0853 2220 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
21:33:03.0853 2220 HidUsb - ok
21:33:03.0885 2220 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
21:33:03.0900 2220 hkmsvc - ok
21:33:03.0916 2220 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
21:33:03.0931 2220 HomeGroupListener - ok
21:33:03.0978 2220 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
21:33:03.0978 2220 HomeGroupProvider - ok
21:33:04.0025 2220 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:33:04.0025 2220 HpSAMD - ok
21:33:04.0087 2220 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
21:33:04.0103 2220 HTTP - ok
21:33:04.0119 2220 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
21:33:04.0119 2220 hwpolicy - ok
21:33:04.0165 2220 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
21:33:04.0165 2220 i8042prt - ok
21:33:04.0228 2220 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
21:33:04.0228 2220 iaStorV - ok
21:33:04.0353 2220 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:33:04.0368 2220 idsvc - ok
21:33:04.0540 2220 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys
21:33:04.0540 2220 IDSVia64 - ok
21:33:04.0665 2220 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
21:33:04.0665 2220 iirsp - ok
21:33:04.0758 2220 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
21:33:04.0774 2220 IKEEXT - ok
21:33:04.0821 2220 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
21:33:04.0821 2220 intelide - ok
21:33:04.0852 2220 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
21:33:04.0867 2220 intelppm - ok
21:33:04.0899 2220 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
21:33:04.0914 2220 IPBusEnum - ok
21:33:04.0945 2220 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:33:04.0945 2220 IpFilterDriver - ok
21:33:04.0977 2220 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
21:33:04.0992 2220 iphlpsvc - ok
21:33:05.0023 2220 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
21:33:05.0023 2220 IPMIDRV - ok
21:33:05.0039 2220 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:33:05.0055 2220 IPNAT - ok
21:33:05.0070 2220 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:33:05.0070 2220 IRENUM - ok
21:33:05.0101 2220 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
21:33:05.0101 2220 isapnp - ok
21:33:05.0164 2220 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
21:33:05.0164 2220 iScsiPrt - ok
21:33:05.0257 2220 IviRegMgr (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:33:05.0257 2220 IviRegMgr - ok
21:33:05.0289 2220 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:33:05.0289 2220 kbdclass - ok
21:33:05.0304 2220 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
21:33:05.0304 2220 kbdhid - ok
21:33:05.0351 2220 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:33:05.0351 2220 KeyIso - ok
21:33:05.0382 2220 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
21:33:05.0382 2220 KSecDD - ok
21:33:05.0413 2220 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
21:33:05.0413 2220 KSecPkg - ok
21:33:05.0445 2220 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:33:05.0445 2220 ksthunk - ok
21:33:05.0491 2220 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
21:33:05.0523 2220 KtmRm - ok
21:33:05.0538 2220 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
21:33:05.0538 2220 L1C - ok
21:33:05.0601 2220 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
21:33:05.0601 2220 LanmanServer - ok
21:33:05.0663 2220 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
21:33:05.0663 2220 LanmanWorkstation - ok
21:33:05.0710 2220 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:33:05.0710 2220 lltdio - ok
21:33:05.0757 2220 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
21:33:05.0772 2220 lltdsvc - ok
21:33:05.0835 2220 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
21:33:05.0835 2220 lmhosts - ok
21:33:05.0897 2220 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
21:33:05.0897 2220 LSI_FC - ok
21:33:05.0913 2220 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
21:33:05.0913 2220 LSI_SAS - ok
21:33:05.0928 2220 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
21:33:05.0928 2220 LSI_SAS2 - ok
21:33:05.0959 2220 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
21:33:05.0959 2220 LSI_SCSI - ok
21:33:05.0975 2220 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:33:05.0991 2220 luafv - ok
21:33:06.0053 2220 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
21:33:06.0053 2220 MBAMProtector - ok
21:33:06.0131 2220 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:33:06.0147 2220 MBAMService - ok
21:33:06.0178 2220 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
21:33:06.0178 2220 Mcx2Svc - ok
21:33:06.0209 2220 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
21:33:06.0209 2220 megasas - ok
21:33:06.0256 2220 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
21:33:06.0256 2220 MegaSR - ok
21:33:06.0271 2220 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:33:06.0271 2220 MMCSS - ok
21:33:06.0271 2220 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:33:06.0271 2220 Modem - ok
21:33:06.0303 2220 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:33:06.0303 2220 monitor - ok
21:33:06.0334 2220 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:33:06.0334 2220 mouclass - ok
21:33:06.0349 2220 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:33:06.0349 2220 mouhid - ok
21:33:06.0381 2220 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
21:33:06.0381 2220 mountmgr - ok
21:33:06.0412 2220 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
21:33:06.0412 2220 mpio - ok
21:33:06.0427 2220 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:33:06.0427 2220 mpsdrv - ok
21:33:06.0490 2220 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
21:33:06.0505 2220 MpsSvc - ok
21:33:06.0537 2220 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
21:33:06.0537 2220 MRxDAV - ok
21:33:06.0552 2220 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
21:33:06.0568 2220 mrxsmb - ok
21:33:06.0615 2220 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:33:06.0630 2220 mrxsmb10 - ok
21:33:06.0661 2220 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:33:06.0661 2220 mrxsmb20 - ok
21:33:06.0677 2220 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
21:33:06.0693 2220 msahci - ok
21:33:06.0708 2220 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
21:33:06.0708 2220 msdsm - ok
21:33:06.0739 2220 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
21:33:06.0755 2220 MSDTC - ok
21:33:06.0833 2220 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:33:06.0833 2220 Msfs - ok
21:33:06.0864 2220 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:33:06.0864 2220 mshidkmdf - ok
21:33:06.0880 2220 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
21:33:06.0880 2220 msisadrv - ok
21:33:06.0927 2220 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
21:33:06.0927 2220 MSiSCSI - ok
21:33:06.0942 2220 msiserver - ok
21:33:06.0958 2220 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:33:06.0958 2220 MSKSSRV - ok
21:33:06.0958 2220 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:33:06.0958 2220 MSPCLOCK - ok
21:33:06.0973 2220 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:33:06.0973 2220 MSPQM - ok
21:33:07.0005 2220 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
21:33:07.0005 2220 MsRPC - ok
21:33:07.0036 2220 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:33:07.0036 2220 mssmbios - ok
21:33:07.0067 2220 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:33:07.0067 2220 MSTEE - ok
21:33:07.0083 2220 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
21:33:07.0083 2220 MTConfig - ok
21:33:07.0098 2220 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:33:07.0098 2220 Mup - ok
21:33:07.0161 2220 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:33:07.0161 2220 napagent - ok
21:33:07.0223 2220 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:33:07.0239 2220 NativeWifiP - ok
21:33:07.0363 2220 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120428.016\ENG64.SYS
21:33:07.0363 2220 NAVENG - ok
21:33:07.0504 2220 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120428.016\EX64.SYS
21:33:07.0535 2220 NAVEX15 - ok
21:33:07.0722 2220 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
21:33:07.0738 2220 NDIS - ok
21:33:07.0785 2220 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:33:07.0785 2220 NdisCap - ok
21:33:07.0831 2220 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:33:07.0831 2220 NdisTapi - ok
21:33:07.0863 2220 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:33:07.0863 2220 Ndisuio - ok
21:33:07.0878 2220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:33:07.0878 2220 NdisWan - ok
21:33:07.0894 2220 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:33:07.0909 2220 NDProxy - ok
21:33:07.0925 2220 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:33:07.0925 2220 NetBIOS - ok
21:33:07.0956 2220 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:33:07.0956 2220 NetBT - ok
21:33:07.0987 2220 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:33:08.0003 2220 Netlogon - ok
21:33:08.0050 2220 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:33:08.0050 2220 Netman - ok
21:33:08.0097 2220 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:33:08.0097 2220 netprofm - ok
21:33:08.0190 2220 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:33:08.0190 2220 NetTcpPortSharing - ok
21:33:08.0237 2220 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:33:08.0253 2220 nfrd960 - ok
21:33:08.0346 2220 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
21:33:08.0346 2220 NIS - ok
21:33:08.0409 2220 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:33:08.0424 2220 NlaSvc - ok
21:33:08.0440 2220 NOBU - ok
21:33:08.0471 2220 Norton PC Checkup Application Launcher - ok
21:33:08.0502 2220 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:33:08.0502 2220 Npfs - ok
21:33:08.0533 2220 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:33:08.0533 2220 nsi - ok
21:33:08.0549 2220 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:33:08.0549 2220 nsiproxy - ok
21:33:08.0658 2220 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:33:08.0689 2220 Ntfs - ok
21:33:08.0830 2220 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:33:08.0830 2220 Null - ok
21:33:08.0877 2220 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:33:08.0877 2220 nvraid - ok
21:33:08.0908 2220 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:33:08.0923 2220 nvstor - ok
21:33:08.0955 2220 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:33:08.0955 2220 nv_agp - ok
21:33:08.0970 2220 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:33:08.0970 2220 ohci1394 - ok
21:33:09.0033 2220 OlmarikFixer (549e48ce8281bcda6e20fd0e6b85bd53) C:\windows\system32\drivers\OlmarikFixer.sys
21:33:09.0033 2220 OlmarikFixer - ok
21:33:09.0126 2220 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:33:09.0126 2220 ose - ok
21:33:09.0407 2220 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:33:09.0438 2220 osppsvc - ok
21:33:09.0547 2220 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:33:09.0563 2220 p2pimsvc - ok
21:33:09.0594 2220 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:33:09.0610 2220 p2psvc - ok
21:33:09.0672 2220 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:33:09.0672 2220 Parport - ok
21:33:09.0688 2220 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
21:33:09.0688 2220 partmgr - ok
21:33:09.0735 2220 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:33:09.0735 2220 PcaSvc - ok
21:33:09.0828 2220 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
21:33:09.0828 2220 PCCUJobMgr - ok
21:33:09.0844 2220 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:33:09.0859 2220 pci - ok
21:33:09.0875 2220 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
21:33:09.0875 2220 pciide - ok
21:33:09.0906 2220 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:33:09.0922 2220 pcmcia - ok
21:33:09.0937 2220 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:33:09.0937 2220 pcw - ok
21:33:09.0984 2220 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:33:10.0000 2220 PEAUTH - ok
21:33:10.0078 2220 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:33:10.0078 2220 PerfHost - ok
21:33:10.0109 2220 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
21:33:10.0109 2220 PGEffect - ok
21:33:10.0187 2220 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:33:10.0218 2220 pla - ok
21:33:10.0296 2220 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:33:10.0312 2220 PlugPlay - ok
21:33:10.0343 2220 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:33:10.0359 2220 PNRPAutoReg - ok
21:33:10.0390 2220 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:33:10.0405 2220 PNRPsvc - ok
21:33:10.0452 2220 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:33:10.0452 2220 PolicyAgent - ok
21:33:10.0499 2220 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:33:10.0499 2220 Power - ok
21:33:10.0593 2220 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:33:10.0593 2220 PptpMiniport - ok
21:33:10.0608 2220 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:33:10.0608 2220 Processor - ok
21:33:10.0639 2220 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:33:10.0655 2220 ProfSvc - ok
21:33:10.0671 2220 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:33:10.0671 2220 ProtectedStorage - ok
21:33:10.0717 2220 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:33:10.0717 2220 Psched - ok
21:33:10.0795 2220 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:33:10.0795 2220 PSI_SVC_2 - ok
21:33:10.0858 2220 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
21:33:10.0858 2220 QIOMem - ok
21:33:10.0951 2220 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:33:10.0983 2220 ql2300 - ok
21:33:11.0092 2220 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:33:11.0107 2220 ql40xx - ok
21:33:11.0154 2220 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:33:11.0185 2220 QWAVE - ok
21:33:11.0201 2220 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:33:11.0201 2220 QWAVEdrv - ok
21:33:11.0217 2220 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:33:11.0232 2220 RasAcd - ok
21:33:11.0263 2220 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:33:11.0263 2220 RasAgileVpn - ok
21:33:11.0295 2220 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:33:11.0326 2220 RasAuto - ok
21:33:11.0357 2220 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:33:11.0357 2220 Rasl2tp - ok
21:33:11.0373 2220 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:33:11.0388 2220 RasMan - ok
21:33:11.0404 2220 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:33:11.0404 2220 RasPppoe - ok
21:33:11.0435 2220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:33:11.0435 2220 RasSstp - ok
21:33:11.0466 2220 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:33:11.0466 2220 rdbss - ok
21:33:11.0482 2220 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:33:11.0482 2220 rdpbus - ok
21:33:11.0513 2220 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:33:11.0513 2220 RDPCDD - ok
21:33:11.0529 2220 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:33:11.0529 2220 RDPENCDD - ok
21:33:11.0544 2220 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:33:11.0544 2220 RDPREFMP - ok
21:33:11.0575 2220 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:33:11.0591 2220 RDPWD - ok
21:33:11.0653 2220 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:33:11.0653 2220 rdyboost - ok
21:33:11.0685 2220 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
21:33:11.0685 2220 regi - ok
21:33:11.0716 2220 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:33:11.0731 2220 RemoteAccess - ok
21:33:11.0763 2220 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:33:11.0778 2220 RemoteRegistry - ok
21:33:11.0794 2220 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:33:11.0794 2220 RpcEptMapper - ok
21:33:11.0825 2220 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:33:11.0825 2220 RpcLocator - ok
21:33:11.0856 2220 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:33:11.0872 2220 RpcSs - ok
21:33:11.0903 2220 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:33:11.0903 2220 rspndr - ok
21:33:11.0934 2220 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
21:33:11.0934 2220 RSUSBSTOR - ok
21:33:11.0950 2220 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
21:33:11.0965 2220 RSUSBVSTOR - ok
21:33:11.0981 2220 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:33:11.0981 2220 SamSs - ok
21:33:11.0997 2220 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:33:11.0997 2220 sbp2port - ok
21:33:12.0028 2220 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:33:12.0043 2220 SCardSvr - ok
21:33:12.0075 2220 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:33:12.0075 2220 scfilter - ok
21:33:12.0137 2220 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:33:12.0153 2220 Schedule - ok
21:33:12.0184 2220 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:33:12.0184 2220 SCPolicySvc - ok
21:33:12.0215 2220 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:33:12.0231 2220 SDRSVC - ok
21:33:12.0324 2220 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:33:12.0324 2220 SeaPort - ok
21:33:12.0387 2220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:33:12.0387 2220 secdrv - ok
21:33:12.0418 2220 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:33:12.0433 2220 seclogon - ok
21:33:12.0449 2220 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
21:33:12.0449 2220 SENS - ok
21:33:12.0465 2220 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:33:12.0480 2220 SensrSvc - ok
21:33:12.0480 2220 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:33:12.0480 2220 Serenum - ok
21:33:12.0543 2220 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:33:12.0543 2220 Serial - ok
21:33:12.0574 2220 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:33:12.0574 2220 sermouse - ok
21:33:12.0636 2220 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:33:12.0636 2220 SessionEnv - ok
21:33:12.0636 2220 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:33:12.0636 2220 sffdisk - ok
21:33:12.0652 2220 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:33:12.0652 2220 sffp_mmc - ok
21:33:12.0667 2220 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:33:12.0667 2220 sffp_sd - ok
21:33:12.0667 2220 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:33:12.0667 2220 sfloppy - ok
21:33:12.0745 2220 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:33:12.0761 2220 Sftfs - ok
21:33:12.0948 2220 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:33:12.0948 2220 sftlist - ok
21:33:13.0011 2220 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:33:13.0011 2220 Sftplay - ok
21:33:13.0042 2220 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:33:13.0042 2220 Sftredir - ok
21:33:13.0073 2220 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:33:13.0073 2220 Sftvol - ok
21:33:13.0104 2220 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:33:13.0104 2220 sftvsa - ok
21:33:13.0151 2220 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:33:13.0151 2220 SharedAccess - ok
21:33:13.0198 2220 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:33:13.0213 2220 ShellHWDetection - ok
21:33:13.0245 2220 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:33:13.0245 2220 SiSRaid2 - ok
21:33:13.0260 2220 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:33:13.0260 2220 SiSRaid4 - ok
21:33:13.0291 2220 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:33:13.0291 2220 Smb - ok
21:33:13.0354 2220 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:33:13.0354 2220 SNMPTRAP - ok
21:33:13.0385 2220 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:33:13.0385 2220 spldr - ok
21:33:13.0416 2220 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:33:13.0432 2220 Spooler - ok
21:33:13.0619 2220 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:33:13.0650 2220 sppsvc - ok
21:33:13.0759 2220 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:33:13.0759 2220 sppuinotify - ok
21:33:13.0900 2220 SpyHunter 4 Service (45a20a8416ee7dc7711953cc68b07643) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
21:33:13.0915 2220 SpyHunter 4 Service - ok
21:33:14.0040 2220 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
21:33:14.0056 2220 SRTSP - ok
21:33:14.0071 2220 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
21:33:14.0071 2220 SRTSPX - ok
21:33:14.0118 2220 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:33:14.0118 2220 srv - ok
21:33:14.0149 2220 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:33:14.0149 2220 srv2 - ok
21:33:14.0181 2220 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
21:33:14.0181 2220 SrvHsfHDA - ok
21:33:14.0274 2220 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
21:33:14.0290 2220 SrvHsfV92 - ok
21:33:14.0430 2220 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
21:33:14.0446 2220 SrvHsfWinac - ok
21:33:14.0461 2220 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:33:14.0477 2220 srvnet - ok
21:33:14.0524 2220 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:33:14.0524 2220 SSDPSRV - ok
21:33:14.0539 2220 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:33:14.0555 2220 SstpSvc - ok
21:33:14.0571 2220 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:33:14.0571 2220 stexstor - ok
21:33:14.0649 2220 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:33:14.0649 2220 stisvc - ok
21:33:14.0695 2220 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:33:14.0695 2220 swenum - ok
21:33:14.0742 2220 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:33:14.0758 2220 swprv - ok
21:33:14.0914 2220 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS
21:33:14.0914 2220 SymDS - ok
21:33:14.0961 2220 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS
21:33:14.0976 2220 SymEFA - ok
21:33:15.0007 2220 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:33:15.0007 2220 SymEvent - ok
21:33:15.0023 2220 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS
21:33:15.0039 2220 SymIRON - ok
21:33:15.0070 2220 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS
21:33:15.0070 2220 SymNetS - ok
21:33:15.0163 2220 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
21:33:15.0179 2220 SynTP - ok
21:33:15.0366 2220 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:33:15.0397 2220 SysMain - ok
21:33:15.0491 2220 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:33:15.0507 2220 TabletInputService - ok
21:33:15.0538 2220 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:33:15.0553 2220 TapiSrv - ok
21:33:15.0569 2220 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:33:15.0569 2220 TBS - ok
21:33:15.0756 2220 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
21:33:15.0772 2220 Tcpip - ok
21:33:15.0990 2220 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
21:33:16.0006 2220 TCPIP6 - ok
21:33:16.0131 2220 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:33:16.0131 2220 tcpipreg - ok
21:33:16.0162 2220 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:33:16.0162 2220 tdcmdpst - ok
21:33:16.0177 2220 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:33:16.0177 2220 TDPIPE - ok
21:33:16.0209 2220 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:33:16.0209 2220 TDTCP - ok
21:33:16.0240 2220 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:33:16.0240 2220 tdx - ok
21:33:16.0287 2220 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
21:33:16.0287 2220 TermDD - ok
21:33:16.0349 2220 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:33:16.0365 2220 TermService - ok
21:33:16.0380 2220 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:33:16.0380 2220 Themes - ok
21:33:16.0411 2220 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:33:16.0411 2220 THREADORDER - ok
21:33:16.0505 2220 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:33:16.0505 2220 TMachInfo - ok
21:33:16.0536 2220 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
21:33:16.0536 2220 TODDSrv - ok
21:33:16.0661 2220 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
21:33:16.0677 2220 TosCoSrv - ok
21:33:16.0723 2220 TOSHIBA Bluetooth Service (8f099be5db17d025e19652851399b9f1) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:33:16.0739 2220 TOSHIBA Bluetooth Service - ok
21:33:16.0848 2220 TOSHIBA eco Utility Service (2ecc833ea37cece0052d4d9adc184177) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:33:16.0848 2220 TOSHIBA eco Utility Service - ok
21:33:16.0895 2220 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:33:16.0895 2220 TOSHIBA HDD SSD Alert Service - ok
21:33:16.0942 2220 Tosrfcom - ok
21:33:16.0973 2220 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
21:33:16.0973 2220 tosrfec - ok
21:33:17.0020 2220 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
21:33:17.0020 2220 Tosrfusb - ok
21:33:17.0067 2220 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
21:33:17.0067 2220 tos_sps64 - ok
21:33:17.0145 2220 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:33:17.0160 2220 TPCHSrv - ok
21:33:17.0269 2220 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:33:17.0269 2220 TrkWks - ok
21:33:17.0316 2220 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:33:17.0332 2220 TrustedInstaller - ok
21:33:17.0394 2220 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:33:17.0394 2220 tssecsrv - ok
21:33:17.0410 2220 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:33:17.0410 2220 TsUsbFlt - ok
21:33:17.0425 2220 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:33:17.0441 2220 TsUsbGD - ok
21:33:17.0488 2220 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:33:17.0488 2220 tunnel - ok
21:33:17.0550 2220 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:33:17.0550 2220 TVALZ - ok
21:33:17.0581 2220 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:33:17.0581 2220 TVALZFL - ok
21:33:17.0628 2220 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:33:17.0628 2220 uagp35 - ok
21:33:17.0675 2220 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:33:17.0675 2220 udfs - ok
21:33:17.0722 2220 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:33:17.0722 2220 UI0Detect - ok
21:33:17.0737 2220 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:33:17.0737 2220 uliagpkx - ok
21:33:17.0753 2220 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:33:17.0753 2220 umbus - ok
21:33:17.0784 2220 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:33:17.0784 2220 UmPass - ok
21:33:17.0800 2220 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:33:17.0815 2220 upnphost - ok
21:33:17.0862 2220 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
21:33:17.0862 2220 usbaudio - ok
21:33:17.0893 2220 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:33:17.0909 2220 usbccgp - ok
21:33:17.0925 2220 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:33:17.0925 2220 usbcir - ok
21:33:17.0940 2220 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
21:33:17.0940 2220 usbehci - ok
21:33:17.0987 2220 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:33:17.0987 2220 usbhub - ok
21:33:18.0018 2220 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
21:33:18.0018 2220 usbohci - ok
21:33:18.0034 2220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
21:33:18.0034 2220 usbprint - ok
21:33:18.0065 2220 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:33:18.0065 2220 USBSTOR - ok
21:33:18.0081 2220 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:33:18.0081 2220 usbuhci - ok
21:33:18.0112 2220 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:33:18.0127 2220 usbvideo - ok
21:33:18.0143 2220 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:33:18.0143 2220 UxSms - ok
21:33:18.0174 2220 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:33:18.0174 2220 VaultSvc - ok
21:33:18.0221 2220 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:33:18.0221 2220 vdrvroot - ok
21:33:18.0252 2220 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:33:18.0268 2220 vds - ok
21:33:18.0299 2220 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:33:18.0299 2220 vga - ok
21:33:18.0299 2220 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:33:18.0299 2220 VgaSave - ok
21:33:18.0330 2220 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:33:18.0330 2220 vhdmp - ok
21:33:18.0361 2220 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:33:18.0361 2220 viaide - ok
21:33:18.0393 2220 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:33:18.0393 2220 volmgr - ok
21:33:18.0424 2220 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:33:18.0424 2220 volmgrx - ok
21:33:18.0439 2220 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
21:33:18.0455 2220 volsnap - ok
21:33:18.0486 2220 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:33:18.0486 2220 vsmraid - ok
21:33:18.0580 2220 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:33:18.0611 2220 VSS - ok
21:33:18.0720 2220 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:33:18.0720 2220 vwifibus - ok
21:33:18.0767 2220 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:33:18.0767 2220 vwififlt - ok
21:33:18.0876 2220 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:33:18.0892 2220 W32Time - ok
21:33:18.0923 2220 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:33:18.0923 2220 WacomPen - ok
21:33:18.0970 2220 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:33:18.0970 2220 WANARP - ok
21:33:18.0985 2220 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:33:18.0985 2220 Wanarpv6 - ok
21:33:19.0079 2220 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:33:19.0110 2220 WatAdminSvc - ok
21:33:19.0204 2220 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:33:19.0235 2220 wbengine - ok
21:33:19.0344 2220 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:33:19.0375 2220 WbioSrvc - ok
21:33:19.0407 2220 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:33:19.0422 2220 wcncsvc - ok
21:33:19.0438 2220 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:33:19.0453 2220 WcsPlugInService - ok
21:33:19.0516 2220 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:33:19.0516 2220 Wd - ok
21:33:19.0563 2220 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:33:19.0578 2220 Wdf01000 - ok
21:33:19.0609 2220 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:33:19.0609 2220 WdiServiceHost - ok
21:33:19.0609 2220 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:33:19.0625 2220 WdiSystemHost - ok
21:33:19.0656 2220 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:33:19.0672 2220 WebClient - ok
21:33:19.0687 2220 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:33:19.0703 2220 Wecsvc - ok
21:33:19.0719 2220 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:33:19.0719 2220 wercplsupport - ok
21:33:19.0750 2220 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:33:19.0750 2220 WerSvc - ok
21:33:19.0828 2220 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:33:19.0828 2220 WfpLwf - ok
21:33:19.0828 2220 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:33:19.0828 2220 WIMMount - ok
21:33:19.0859 2220 WinDefend - ok
21:33:19.0859 2220 WinHttpAutoProxySvc - ok
21:33:19.0921 2220 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:33:19.0937 2220 Winmgmt - ok
21:33:20.0062 2220 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:33:20.0093 2220 WinRM - ok
21:33:20.0249 2220 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:33:20.0265 2220 Wlansvc - ok
21:33:20.0343 2220 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:33:20.0343 2220 wlcrasvc - ok
21:33:20.0483 2220 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:33:20.0499 2220 wlidsvc - ok
21:33:20.0655 2220 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:33:20.0655 2220 WmiAcpi - ok
21:33:20.0733 2220 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:33:20.0733 2220 wmiApSrv - ok
21:33:20.0779 2220 WMPNetworkSvc - ok
21:33:20.0857 2220 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:33:20.0873 2220 WPCSvc - ok
21:33:20.0904 2220 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:33:20.0904 2220 WPDBusEnum - ok
21:33:20.0935 2220 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:33:20.0935 2220 ws2ifsl - ok
21:33:20.0951 2220 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
21:33:20.0951 2220 wscsvc - ok
21:33:20.0951 2220 WSearch - ok
21:33:21.0076 2220 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:33:21.0138 2220 wuauserv - ok
21:33:21.0263 2220 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:33:21.0263 2220 WudfPf - ok
21:33:21.0294 2220 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:33:21.0294 2220 WUDFRd - ok
21:33:21.0341 2220 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:33:21.0341 2220 wudfsvc - ok
21:33:21.0372 2220 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:33:21.0403 2220 WwanSvc - ok
21:33:21.0419 2220 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:33:21.0497 2220 \Device\Harddisk0\DR0 - ok
21:33:21.0513 2220 Boot (0x1200) (c2fd0818b8469161983522aea797982e) \Device\Harddisk0\DR0\Partition0
21:33:21.0513 2220 \Device\Harddisk0\DR0\Partition0 - ok
21:33:21.0513 2220 ============================================================
21:33:21.0513 2220 Scan finished
21:33:21.0513 2220 ============================================================
21:33:21.0528 6104 Detected object count: 0
21:33:21.0528 6104 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 21:42:27
-----------------------------
21:42:27.607 OS Version: Windows x64 6.1.7601 Service Pack 1
21:42:27.607 Number of processors: 4 586 0x100
21:42:27.607 ComputerName: CHEN-PC UserName: Chen
21:42:29.136 Initialize success
21:47:42.769 AVAST engine defs: 12042900
21:47:53.002 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:47:53.002 Disk 0 Vendor: TOSHIBA_MK6475GSX GT001M Size: 610480MB BusType: 11
21:47:53.018 Disk 0 MBR read successfully
21:47:53.034 Disk 0 MBR scan
21:47:53.034 Disk 0 Windows VISTA default MBR code
21:47:53.049 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:47:53.080 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595395 MB offset 3074048
21:47:53.112 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13584 MB offset 1222443008
21:47:53.221 Disk 0 scanning C:\windows\system32\drivers
21:48:02.955 Service scanning
21:48:41.238 Modules scanning
21:48:41.253 Disk 0 trace - called modules:
21:48:41.300 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:48:41.316 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004140790]
21:48:41.331 3 CLASSPNP.SYS[fffff8800162c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003e51060]
21:48:42.345 AVAST engine scan C:\windows
21:48:46.261 AVAST engine scan C:\windows\system32
21:52:04.958 AVAST engine scan C:\windows\system32\drivers
21:52:25.800 AVAST engine scan C:\Users\Chen
21:54:23.221 Disk 0 MBR has been saved successfully to "C:\Users\Chen\Desktop\MBR.dat"
21:54:23.221 The log file has been saved successfully to "C:\Users\Chen\Desktop\aswMBR.txt"
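The aswMBR log above reports stock MBR code, but the partition table it prints is worth a check of its own: TDL4 (the family ESET names Olmarik, the same family the OlmarikFixer.sys driver later in this thread targets) keeps its hidden file system in unpartitioned sectors at the end of the disk rather than inside any volume, so a clean MBR and a tidy partition map are separate questions. The script below is an added example, not code from the original post or from the aswMBR tool. It parses the partition lines quoted above (copied here as constructed sample input), checks that partitions neither overlap nor leave gaps, and reports any unpartitioned tail. It assumes 512-byte sectors (2048 sectors per MB) and, because aswMBR prints sizes as whole MB, cannot see slack smaller than 1 MB.

```python
"""Sanity-check an aswMBR partition listing for unaccounted disk space.

Added example (not part of the original forum post or of aswMBR).
Assumption: 512-byte sectors, so one MB in the log is 2048 sectors.
"""
import re

# Constructed sample input: the partition-table lines from the aswMBR log above.
SAMPLE_LOG = """\
21:47:53.002 Disk 0 Vendor: TOSHIBA_MK6475GSX GT001M Size: 610480MB BusType: 11
21:47:53.049 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:47:53.080 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595395 MB offset 3074048
21:47:53.112 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13584 MB offset 1222443008
"""

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors

DISK_RE = re.compile(r"Disk (\d+) Vendor: .* Size: (\d+)MB")
PART_RE = re.compile(r"Disk (\d+) Partition (\d+) .* (\d+) MB offset (\d+)$")


def parse_aswmbr(text):
    """Return {disk_no: {'size_mb': int, 'parts': [(part_no, start_sector, size_mb)]}}."""
    disks = {}
    for line in text.splitlines():
        m = DISK_RE.search(line)
        if m:
            d = disks.setdefault(int(m.group(1)), {"size_mb": 0, "parts": []})
            d["size_mb"] = int(m.group(2))
            continue
        m = PART_RE.search(line)
        if m:
            d = disks.setdefault(int(m.group(1)), {"size_mb": 0, "parts": []})
            d["parts"].append((int(m.group(2)), int(m.group(4)), int(m.group(3))))
    return disks


def check_layout(disk):
    """Return (findings, tail_slack_sectors) for one parsed disk.

    findings lists overlaps, inter-partition gaps above 1 MB, and any
    unpartitioned space after the last partition; tail_slack_sectors is the
    signed difference between the reported disk size and the last partition end.
    """
    findings = []
    prev_end = 0
    for no, start, size_mb in sorted(disk["parts"], key=lambda p: p[1]):
        end = start + size_mb * SECTORS_PER_MB
        if start < prev_end:
            findings.append(f"partition {no} overlaps the previous partition "
                            f"(starts at sector {start}, previous ends at {prev_end})")
        elif start - prev_end > SECTORS_PER_MB:  # the usual 1 MB alignment gap is fine
            findings.append(f"{start - prev_end} unallocated sectors before partition {no}")
        prev_end = max(prev_end, end)
    slack = disk["size_mb"] * SECTORS_PER_MB - prev_end
    if slack < 0:
        findings.append(f"partitions extend {-slack} sectors past the reported disk size")
    elif slack >= SECTORS_PER_MB:  # anything below 1 MB is invisible at this log's granularity
        findings.append(f"{slack} unpartitioned sectors ({slack // SECTORS_PER_MB} MB) "
                        f"after the last partition: inspect them for a hidden file system")
    return findings, slack


if __name__ == "__main__":
    for disk_no, disk in parse_aswmbr(SAMPLE_LOG).items():
        findings, slack = check_layout(disk)
        print(f"Disk {disk_no}: tail slack {slack} sectors, {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

With the numbers from this log the three partitions tile the disk exactly (tail slack of 0 sectors), which is consistent with aswMBR's stock-MBR verdict. On a live system, compare the last partition end against the sector count the disk itself reports (diskpart or the storage API), since a gap smaller than 1 MB is below what this log can show.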

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 29 April 2012 - 07:20 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 mandango
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:25 AM

Posted 30 April 2012 - 07:55 AM

Hi Gringo

I ran the combofix and the log report is pasted below. I haven't encountered any problems and the computer seems to be running ok.

Regards
Daniel

ComboFix 12-04-31.02 - Chen 30/04/2012 21:59:05.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3559.2172 [GMT 10:00]
Running from: c:\users\Chen\Desktop\ComboFix.exe
Command switches used :: c:\users\Chen\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 12:13 . 2012-04-30 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 12:34 . 2012-04-27 12:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-27 12:11 . 2012-04-27 12:11 29000 ----a-w- c:\windows\system32\drivers\OlmarikFixer.sys
2012-04-27 10:46 . 2012-04-27 10:46 -------- d-----w- C:\sh4ldr
2012-04-27 10:46 . 2012-04-27 10:46 -------- d-----w- c:\program files\Enigma Software Group
2012-04-27 10:46 . 2012-04-27 10:46 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-27 10:45 . 2012-04-27 10:45 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-25 08:28 . 2012-04-25 08:28 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\DXSETUP.exe
2012-04-25 08:28 . 2012-04-25 08:28 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\68d12cc31cd22bd02\MeshBetaRemover.exe
2012-04-25 08:28 . 2012-04-25 08:28 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\DSETUP.dll
2012-04-25 08:28 . 2012-04-25 08:28 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6850a2741cd22bd01\dsetup32.dll
2012-04-19 10:50 . 2012-04-20 07:43 -------- d-----w- c:\programdata\VirtualizedApplications
2012-04-18 11:37 . 2012-04-19 12:20 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-16 07:21 . 2012-04-16 07:21 -------- d-----w- c:\windows\system32\Wat
2012-04-16 07:09 . 2012-04-16 07:09 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-16 06:21 . 2012-04-16 06:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 06:21 . 2012-04-16 06:21 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 06:21 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-16 05:59 . 2012-04-16 06:01 -------- d-----w- C:\rei
2012-04-16 05:59 . 2012-04-16 05:59 -------- d-----w- c:\program files\Reimage
2012-04-16 05:59 . 2012-04-16 05:59 -------- d-----w- c:\program files (x86)\ReImageCompanion
2012-04-16 00:11 . 2012-04-16 00:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-15 23:00 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-04-15 22:59 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-04-15 22:58 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-15 22:58 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-15 21:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 21:15 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 21:15 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-15 21:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 21:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-15 21:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-15 21:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-15 21:13 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-15 21:13 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-15 12:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-15 12:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-15 12:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-15 12:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-15 12:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-15 12:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-15 12:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-15 12:24 . 2012-04-15 12:24 -------- d-----w- c:\users\Public\Symantec
2012-04-15 12:24 . 2012-04-28 05:46 -------- d-----w- c:\users\Chen
2012-04-15 11:04 . 2012-04-15 11:04 -------- d-----w- c:\programdata\Symantec
2012-04-15 11:04 . 2012-04-15 11:04 -------- d-----w- c:\program files (x86)\Symantec
2012-04-15 11:03 . 2012-04-15 11:04 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\program files\Norton PC Checkup
2012-04-15 11:03 . 2012-04-15 23:22 -------- d-----w- c:\program files\Symantec
2012-04-15 11:03 . 2012-04-15 23:22 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-15 11:03 . 2012-04-16 22:19 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-04-15 11:02 . 2012-04-15 12:26 -------- d-----w- c:\programdata\Norton
2012-04-15 11:02 . 2012-04-15 11:03 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-04-15 11:01 . 2012-04-15 11:03 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-15 11:01 . 2012-04-15 11:01 -------- d-----w- c:\program files (x86)\Amazon
2012-04-15 11:01 . 2012-04-15 11:01 -------- d-----r- c:\program files (x86)\Skype
2012-04-15 11:01 . 2012-04-15 11:01 -------- d-----w- c:\programdata\Skype
2012-04-15 10:59 . 2012-04-15 10:59 -------- d-----w- c:\program files (x86)\Microsoft
2012-04-15 10:56 . 2012-04-15 21:06 -------- d-----w- c:\programdata\WildTangent
2012-04-15 10:56 . 2012-04-15 10:58 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2012-04-15 10:56 . 2012-04-15 10:56 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-04-15 10:53 . 2012-04-15 10:53 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-15 10:52 . 2010-10-20 21:41 138656 ----a-w- c:\windows\system32\TODDSrv.exe
2012-04-15 10:51 . 2012-04-15 10:51 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2012-04-15 10:47 . 2007-04-17 18:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys
2012-04-15 10:47 . 2012-04-15 10:47 -------- d-----w- c:\program files (x86)\Common Files\InterVideo
2012-04-15 10:46 . 2012-04-15 10:46 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-04-15 10:46 . 2012-04-15 10:46 -------- d-----w- c:\programdata\Corel
2012-04-15 10:46 . 2012-04-15 10:46 -------- d-----w- c:\program files (x86)\Corel
2012-04-15 10:44 . 2012-04-15 10:44 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-04-15 10:44 . 2011-04-26 03:51 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-04-15 10:44 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-04-15 10:43 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-04-15 10:39 . 2012-04-15 10:58 -------- d-----w- c:\programdata\TOSHIBA
2012-04-15 10:38 . 2011-02-17 23:42 99320 ----a-w- c:\windows\system32\tosWirelessLANIndicatorCP.dll
2012-04-15 10:37 . 2012-04-15 10:37 -------- d-----w- c:\windows\SysWow64\sda
2012-04-15 10:37 . 2010-12-01 23:12 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-04-15 10:37 . 2010-11-30 21:40 307304 ----a-w- c:\windows\system32\drivers\rtsuvstor.sys
2012-04-15 10:37 . 2012-04-15 10:37 -------- d-----w- c:\program files (x86)\Realtek
2012-04-15 10:37 . 2010-12-01 23:12 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-04-15 10:37 . 2010-12-01 23:12 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-04-15 10:36 . 2012-04-15 10:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-04-15 10:35 . 2009-06-19 04:42 40832 ----a-w- c:\windows\system32\drivers\TosBtCi.dll
2012-04-15 10:35 . 2010-10-18 21:14 42096 ----a-r- c:\windows\system32\drivers\btfilter.sys
2012-04-15 10:34 . 2012-04-15 10:34 -------- d-----w- c:\program files (x86)\TOH Class Filter
2012-04-15 10:32 . 2012-04-15 10:32 -------- d-----w- c:\program files\Synaptics
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\windows\system32\nn-NO
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\windows\Options
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\program files (x86)\Atheros
2012-04-15 10:31 . 2010-12-21 02:20 63648 ----a-w- c:\windows\system32\athihvui.dll
2012-04-15 10:31 . 2010-12-21 02:20 443040 ----a-w- c:\windows\system32\athihvs.dll
2012-04-15 10:31 . 2010-12-18 02:46 2675712 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-04-15 10:30 . 2012-04-15 10:31 -------- d-----w- c:\programdata\Atheros
2012-04-15 10:28 . 2012-04-15 10:28 -------- d-----w- c:\program files\CONEXANT
2012-04-15 10:25 . 2010-09-24 14:46 116752 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-04-15 10:22 . 2012-04-15 10:53 -------- d-----w- c:\program files (x86)\Toshiba
2012-04-15 10:22 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-04-15 10:22 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-04-15 10:21 . 2012-04-15 10:21 -------- d-----w- c:\programdata\ATI
2012-04-15 10:21 . 2012-04-15 10:21 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-15 10:20 . 2012-04-15 10:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-15 10:20 . 2012-04-15 10:20 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-15 10:16 . 2012-04-15 11:04 -------- d-----w- C:\TOSHIBA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 12:35 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-29_07.00.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-30 12:15 . 2012-04-30 12:15 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-29 06:58 . 2012-04-29 06:58 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-04-29 07:28 42636 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-30 11:49 39676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-04-15 12:28 . 2012-04-26 07:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-15 12:28 . 2012-04-30 06:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-15 12:28 . 2012-04-26 07:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-15 12:28 . 2012-04-30 06:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 06:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 07:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-15 12:25 . 2012-04-30 11:49 6448 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-382663809-3965227786-1666703076-1000_UserData.bin
- 2012-04-29 06:59 . 2012-04-29 06:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-30 12:16 . 2012-04-30 12:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-29 06:59 . 2012-04-29 06:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-30 12:16 . 2012-04-30 12:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-16 00:59 . 2012-04-30 07:11 246784 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-29 06:35 628904 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-30 11:51 628904 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-30 11:51 110798 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-29 06:35 110798 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-29 06:58 236908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-30 12:15 236908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-15 10:23 . 2012-04-30 12:15 1215752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-04-15 10:23 . 2012-04-29 06:58 1215752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-15 12:33 . 2012-04-30 12:15 6288360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-382663809-3965227786-1666703076-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-24 336384]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-04 1110360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 OlmarikFixer;Olmarik fixer kernel-mode driver;c:\windows\system32\drivers\OlmarikFixer.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-04-12 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2010-02-02 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2009-08-24 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-15 138360]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-30 22:38:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 12:38
ComboFix2.txt 2012-04-29 07:21
.
Pre-Run: 585,636,212,736 bytes free
Post-Run: 585,464,528,896 bytes free
.
- - End Of File - - C537F80958700B686362DE366E3F0573

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 30 April 2012 - 08:13 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Bing Bar
Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 mandango

mandango
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:25 AM

Posted 01 May 2012 - 08:14 AM

Hi Gringo

The logs for MBAM and HijackThis are posted below. Computer seems to be going all right.

Regards
Daniel


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chen :: CHEN-PC [administrator]

Protection: Enabled

1/05/2012 10:31:05 PM
mbam-log-2012-05-01 (22-31-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203000
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:31 PM, on 1/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10509 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 01 May 2012 - 08:24 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
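The O2, O4, O18 and O23 lines in the HijackThis log above follow a fixed line format, and it is easier to decide what to fix once they are pulled into records. This is an added example, not code from the thread or from HijackThis: the sample lines are a constructed subset of the log posted in #9, and the grouping by load folder is my own triage view, not anything the posts describe.

```python
"""Parse HijackThis 2.0.4 log lines into structured records.
Added example; not part of HijackThis or of the posts in this thread.
SAMPLE_LOG is a constructed subset of the log posted in #9."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<command>.*)$")
# First executable in a command line, quoted or not. Unquoted paths may contain
# spaces, so cut at the first .exe/.dll/... that is followed by whitespace or EOL.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|cmd|bat))"?(?:\s|$)', re.IGNORECASE)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING = " (file missing)"


@dataclass
class HjtEntry:
    section: str
    raw: str
    name: str = ""        # value name, BHO/protocol display name, or service name
    hive: str = ""        # O4 only: HKLM / HKCU
    key: str = ""         # O4 only: Run / RunOnce / ...
    command: str = ""     # O4 only: full command line
    clsid: str = ""       # O2/O3/O9/O18: component CLSID
    owner: str = ""       # O23: service owner as reported by HijackThis
    path: str = ""        # module or executable path, when one could be extracted
    file_missing: bool = False


def parse_line(line: str) -> Optional[HjtEntry]:
    """Return a structured entry for one log line, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = HjtEntry(section=section, raw=line.strip())
    if section == "O4":
        m4 = O4_RE.match(body)
        if m4:
            entry.hive, entry.key = m4.group("hive"), m4.group("key")
            entry.name, entry.command = m4.group("name"), m4.group("command")
            mexe = EXE_RE.match(entry.command)
            if mexe:
                entry.path = mexe.group("path")
    elif section in ("O2", "O3", "O9", "O18", "O23"):
        # Drop the "BHO:" / "Protocol:" / "Service:" label, then split from the
        # right so a " - " inside a display name cannot shift the last two columns.
        _, _, rest = body.partition(": ")
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            entry.name, middle, path = parts
            if path.endswith(MISSING):
                entry.file_missing = True
                path = path[: -len(MISSING)]
            entry.path = path
            if CLSID_RE.match(middle):
                entry.clsid = middle
            else:
                entry.owner = middle
    return entry


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def modules_by_directory(entries: List[HjtEntry]) -> Dict[str, List[HjtEntry]]:
    """Group entries by the folder their module loads from (case-insensitive).
    Several hooks loading from one unfamiliar folder is a quick lead to research."""
    groups: Dict[str, List[HjtEntry]] = {}
    for e in entries:
        if e.path:
            groups.setdefault(ntpath.dirname(e.path).lower(), []).append(e)
    return groups


# Constructed sample: a subset of the lines from the log in post #9.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    for folder, items in sorted(modules_by_directory(parse_log(SAMPLE_LOG)).items()):
        print(f"{folder}  ({len(items)} entries)")
        for e in items:
            print(f"    {e.section:<4}{e.name}{'  [file missing]' if e.file_missing else ''}")
```

Run it to see the sample grouped by load folder; on the real log in #9 the ReImageCompanion folder accounts for two BHOs and three O18 protocol handlers.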

#11 mandango

mandango
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:25 AM

Posted 03 May 2012 - 06:08 AM

hi Gringo

the eset scan identified only one threat as pasted below

regards
Daniel

C:\Qoobox\Quarantine\C\ProgramData\adcbcaaefdacdct.exe.vir a variant of Win32/Kryptik.ADQT trojan

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 03 May 2012 - 07:15 AM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM


Gringo

#13 mandango

mandango
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:25 AM

Posted 04 May 2012 - 08:06 AM

Hi Gringo

Thank you so much for your expert help and advice, you are a treasure

Kind regards
Daniel

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 04 May 2012 - 08:13 AM

Thank you very much and you are more than welcome



gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 AM

Posted 06 May 2012 - 11:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



