Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zero Access Rootkit


  • This topic is locked This topic is locked
14 replies to this topic

#1 MarkPeter

MarkPeter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 30 April 2012 - 08:21 AM

I was directed here from "BC Advisor". I am having intermittent browser redirects on all of my browsers (IE8, Chrome, Firefox), often to the site Happili.com. aswMBR identified the rootkit, so I'm attaching that log. The GMER scan didn't locate anything and produced an empty log file.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Mark at 5:36:22 on 2012-04-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6012.1316 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Servers\mysql\bin\mysqld.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~2\POPFile\popfileib.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll
EB: HttpWatch Basic: {2b4c4770-27fd-4a09-b17d-33ca580965fb} - C:\Program Files (x86)\HttpWatch\httpwatch.dll
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Adobe] rundll32.exe "C:\Users\Mark\AppData\Local\Apple\Adobe\weiplhyp.dll",DllRegisterServer
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [HttpWatch_RegIEPlugin] C:\Program Files (x86)\HttpWatch\regieplugin.exe
mRun: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
dRun: [Adobe] rundll32.exe "C:\Users\Mark\AppData\Local\Apple\Adobe\weiplhyp.dll",DllRegisterServer
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RUNPOP~1.LNK - C:\Program Files (x86)\POPFile\runpopfile.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download Using &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - C:\Program Files (x86)\HttpWatch\httpwatch.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vendoraccess.providence.org/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0197D29D-28A5-431D-A168-537B0C13380F} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{5CCEDC49-7F21-4F68-8EC7-279E396D3258} : DhcpNameServer = 68.111.16.30 68.111.16.25
TCP: Interfaces\{E3A3BF4F-1E99-47A5-A3C8-51175C939739} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E3A3BF4F-1E99-47A5-A3C8-51175C939739}\0514E4542514 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E3A3BF4F-1E99-47A5-A3C8-51175C939739}\055627E656C6C656F594E647C6F514962707F62747 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E3A3BF4F-1E99-47A5-A3C8-51175C939739}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{E3A3BF4F-1E99-47A5-A3C8-51175C939739}\372696 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E3A3BF4F-1E99-47A5-A3C8-51175C939739}\844534023556E637164796F6E6024374 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HttpWatch Basic: {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll
BHO-X64: HttpWatch Basic - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll
EB-X64: {2B4C4770-27FD-4A09-B17D-33CA580965FB} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [HttpWatch_RegIEPlugin] C:\Program Files (x86)\HttpWatch\regieplugin.exe
mRun-x64: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q7u2zxqx.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - component: C:\Program Files (x86)\HttpWatch\Firefox\components\nphttpwatchff.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Mark\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HttpWatch\Firefox\components\nphttpwatchff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-13 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120427.001\IDSviA64.sys [2012-4-27 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-10 784792]
R2 IDMWFP;IDMWFP;C:\windows\system32\DRIVERS\idmwfp.sys --> C:\windows\system32\DRIVERS\idmwfp.sys [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-29 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-12-9 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-12-9 126392]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-9 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-12-9 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-23 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-8-14 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 253088]
S3 andnetadb;ADB Interface DriverNet;C:\windows\system32\Drivers\lgandnetadb.sys --> C:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-13 138360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-23 136176]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
.
=============== Created Last 30 ================
.
2012-04-30 12:35:42 -------- d-s---w- C:\ComboFix
2012-04-30 06:51:21 405624 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-04-30 06:51:20 737912 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-04-30 06:51:20 451192 ----a-r- C:\windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-04-30 06:51:20 37496 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-04-30 06:51:20 190072 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-04-30 06:51:20 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-04-30 06:51:19 167048 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-04-30 06:50:48 -------- d-----w- C:\windows\System32\drivers\NISx64\1307000.009
2012-04-30 00:26:16 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-30 00:26:15 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 00:26:15 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-30 00:21:33 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-30 00:21:33 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-30 00:21:33 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-30 00:21:32 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-30 00:21:32 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-30 00:21:32 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-30 00:21:32 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-30 00:02:49 738936 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-04-30 00:02:49 451192 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\SymDS64.sys
2012-04-30 00:02:49 405624 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-04-30 00:02:49 37496 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-04-30 00:02:49 190072 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\Ironx64.sys
2012-04-30 00:02:49 167048 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\ccSetx64.sys
2012-04-30 00:02:49 1092728 ----a-r- C:\windows\System32\drivers\NISx64\1306020.00A\SymEFA64.sys
2012-04-30 00:02:42 -------- d-----w- C:\windows\System32\drivers\NISx64\1306020.00A
2012-04-29 01:39:37 -------- d-----w- C:\Downloads
2012-04-25 05:24:03 154272 ----a-w- C:\windows\System32\drivers\idmwfp.sys
2012-04-09 22:48:21 -------- d-----w- C:\1972 Honky Chateau
2012-04-08 18:48:51 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 19:59:11 -------- d-----w- C:\Program Files (x86)\pdfforge Toolbar
2012-04-04 19:59:11 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-04-04 19:59:11 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-30 00:03:57 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-28 22:23:04 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 5:36:51.65 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 30 April 2012 - 09:48 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 MarkPeter

MarkPeter
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 30 April 2012 - 03:01 PM

ComboFix log is below. It quarantined several files. I did a quick check on browsers and have not seen any redirects as yet. Previously they happened very often from a Google search results page.


ComboFix 12-04-31.02 - Mark 04/30/2012 12:36:54.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6012.3459 [GMT -7:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
C:\install.exe
C:\setup.exe
C:\Thumbs.db
c:\users\Mark\AppData\Local\Apple\Adobe\weiplhyp.dll
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\800000cb.$
c:\windows\My.ini
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\Temp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 19:44 . 2012-04-30 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 06:50 . 2012-04-30 19:45 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009
2012-04-30 00:26 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 00:26 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 00:26 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-30 00:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-30 00:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-30 00:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-30 00:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-30 00:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-30 00:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-30 00:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-29 01:39 . 2012-04-30 08:26 -------- d-----w- C:\Downloads
2012-04-25 05:24 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-09 22:48 . 2012-04-09 22:48 -------- d-----w- C:\1972 Honky Chateau
2012-04-08 18:48 . 2012-04-28 22:23 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 19:59 . 2012-04-10 20:07 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2012-04-04 19:59 . 2012-04-10 20:07 -------- d-----w- c:\program files (x86)\Application Updater
2012-04-04 19:59 . 2012-04-04 19:59 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 12:26 . 2012-04-30 12:26 3160 ----a-w- C:\Attach.txt.zip
2012-04-30 00:03 . 2010-12-15 20:59 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-28 22:23 . 2011-05-20 19:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-19 05:58 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 05:58 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 05:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 05:58 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-19 05:58 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-19 05:58 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-19 05:58 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"HttpWatch_RegIEPlugin"="c:\program files (x86)\HttpWatch\regieplugin.exe" [2010-12-22 592168]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-03 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-10 981856]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
Run POPFile.lnk - c:\program files (x86)\POPFile\runpopfile.exe [2011-9-2 72050]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-9-29 5059352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 253088]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
S0 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-04-27 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-10 784792]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-12-08 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:23]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:36]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-09-29 16:50 4525336 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-09-29 16:50 4525336 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download Using &BitSpirit - c:\program files (x86)\BitSpirit\bsurl.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q7u2zxqx.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Mark\AppData\Local\Apple\Adobe\weiplhyp.dll
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKU-Default-Run-Adobe - c:\users\Mark\AppData\Local\Apple\Adobe\weiplhyp.dll
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files (x86)\DAP\DAPIELoader64.dll
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Android SDK Tools - p:\java\android-sdk-windows\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="c:\servers\mysql\bin\mysqld MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-393029618-3043048630-1572372043-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,a5,7f,02,e1,25,a1,e4,9e,74,72,13,53,4f,36,1d,a3,64,c4,2d,67,
fe,09,ca,f6,cd,01,df,23,75,49,5f,80,d8,15,72,9e,ba,3d,12,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-393029618-3043048630-1572372043-1001_Classes\Wow6432Node\CLSID\{cb6373f4-a572-4870-9db8-03bc21db2304}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a3
"Therad"=dword:00000015
"MData"=hex(0):28,5c,85,85,37,0c,94,60,a3,86,80,8a,d1,99,da,1f,b6,59,b6,f9,0e,
b1,a9,d9,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
c:\progra~2\POPFile\popfileib.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-30 12:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 19:56
.
Pre-Run: 78,863,503,360 bytes free
Post-Run: 85,483,380,736 bytes free
.
- - End Of File - - 9AAF80BAFFF7665D6EB9144F205BEA3A

#4 MarkPeter

MarkPeter
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 30 April 2012 - 04:05 PM

Update: I'm still getting browser redirects to Happili.com. So far, only from Chrome.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 30 April 2012 - 04:13 PM

Hello

I want you to uninstall chrome and if asked about user data or settings then remove them also

restart the computer to complete the process and then reinstall it - check for redirects


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 MarkPeter

MarkPeter
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 30 April 2012 - 05:19 PM

Ok, re-installed Chrome. No new redirects as yet. Here are the logs.


14:51:40.0731 1184 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
14:51:41.0199 1184 ============================================================
14:51:41.0199 1184 Current date / time: 2012/04/30 14:51:41.0199
14:51:41.0199 1184 SystemInfo:
14:51:41.0199 1184
14:51:41.0199 1184 OS Version: 6.1.7601 ServicePack: 1.0
14:51:41.0199 1184 Product type: Workstation
14:51:41.0199 1184 ComputerName: BRAHMS
14:51:41.0199 1184 UserName: Mark
14:51:41.0199 1184 Windows directory: C:\windows
14:51:41.0199 1184 System windows directory: C:\windows
14:51:41.0199 1184 Running under WOW64
14:51:41.0199 1184 Processor architecture: Intel x64
14:51:41.0199 1184 Number of processors: 8
14:51:41.0199 1184 Page size: 0x1000
14:51:41.0199 1184 Boot type: Normal boot
14:51:41.0199 1184 ============================================================
14:51:42.0432 1184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:51:42.0447 1184 ============================================================
14:51:42.0447 1184 \Device\Harddisk0\DR0:
14:51:42.0447 1184 MBR partitions:
14:51:42.0447 1184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x389E6000
14:51:42.0447 1184 ============================================================
14:51:42.0557 1184 C: <-> \Device\Harddisk0\DR0\Partition0
14:51:42.0557 1184 ============================================================
14:51:42.0557 1184 Initialize success
14:51:42.0557 1184 ============================================================
14:52:53.0529 5224 ============================================================
14:52:53.0529 5224 Scan started
14:52:53.0529 5224 Mode: Manual; TDLFS;
14:52:53.0529 5224 ============================================================
14:52:54.0589 5224 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
14:52:54.0603 5224 1394ohci - ok
14:52:54.0643 5224 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
14:52:54.0658 5224 ACPI - ok
14:52:54.0715 5224 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
14:52:54.0717 5224 AcpiPmi - ok
14:52:54.0838 5224 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:52:54.0841 5224 AdobeARMservice - ok
14:52:54.0996 5224 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:52:55.0009 5224 AdobeFlashPlayerUpdateSvc - ok
14:52:55.0064 5224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
14:52:55.0089 5224 adp94xx - ok
14:52:55.0128 5224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
14:52:55.0138 5224 adpahci - ok
14:52:55.0168 5224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
14:52:55.0188 5224 adpu320 - ok
14:52:55.0225 5224 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
14:52:55.0225 5224 AeLookupSvc - ok
14:52:55.0304 5224 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
14:52:55.0322 5224 AFD - ok
14:52:55.0376 5224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
14:52:55.0379 5224 agp440 - ok
14:52:55.0397 5224 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
14:52:55.0399 5224 ALG - ok
14:52:55.0415 5224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
14:52:55.0417 5224 aliide - ok
14:52:55.0431 5224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
14:52:55.0433 5224 amdide - ok
14:52:55.0455 5224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
14:52:55.0457 5224 AmdK8 - ok
14:52:55.0473 5224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
14:52:55.0475 5224 AmdPPM - ok
14:52:55.0507 5224 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
14:52:55.0510 5224 amdsata - ok
14:52:55.0533 5224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
14:52:55.0546 5224 amdsbs - ok
14:52:55.0565 5224 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
14:52:55.0565 5224 amdxata - ok
14:52:55.0593 5224 andnetadb (ac00b4a1faf27cc2ff99d0961fc9b77c) C:\windows\system32\Drivers\lgandnetadb.sys
14:52:55.0596 5224 andnetadb - ok
14:52:55.0661 5224 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
14:52:55.0664 5224 AppID - ok
14:52:55.0684 5224 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
14:52:55.0686 5224 AppIDSvc - ok
14:52:55.0732 5224 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
14:52:55.0735 5224 Appinfo - ok
14:52:55.0849 5224 Application Updater (f81aa50926463340975c22203df936e0) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
14:52:55.0869 5224 Application Updater - ok
14:52:55.0918 5224 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
14:52:55.0934 5224 AppMgmt - ok
14:52:56.0238 5224 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
14:52:56.0254 5224 arc - ok
14:52:56.0301 5224 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
14:52:56.0310 5224 arcsas - ok
14:52:56.0350 5224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:52:56.0355 5224 AsyncMac - ok
14:52:56.0523 5224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
14:52:56.0523 5224 atapi - ok
14:52:56.0625 5224 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
14:52:56.0650 5224 AudioEndpointBuilder - ok
14:52:56.0656 5224 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
14:52:56.0659 5224 AudioSrv - ok
14:52:56.0735 5224 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
14:52:56.0738 5224 AxInstSV - ok
14:52:56.0785 5224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
14:52:56.0821 5224 b06bdrv - ok
14:52:56.0862 5224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:52:56.0874 5224 b57nd60a - ok
14:52:56.0905 5224 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
14:52:56.0908 5224 BDESVC - ok
14:52:56.0919 5224 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:52:56.0921 5224 Beep - ok
14:52:57.0032 5224 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
14:52:57.0054 5224 BFE - ok
14:52:57.0438 5224 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
14:52:57.0443 5224 BHDrvx64 - ok
14:52:57.0629 5224 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
14:52:57.0653 5224 BITS - ok
14:52:57.0705 5224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:52:57.0708 5224 blbdrive - ok
14:52:57.0766 5224 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
14:52:57.0769 5224 bowser - ok
14:52:57.0794 5224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:52:57.0796 5224 BrFiltLo - ok
14:52:57.0806 5224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:52:57.0808 5224 BrFiltUp - ok
14:52:57.0863 5224 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
14:52:57.0866 5224 BridgeMP - ok
14:52:57.0935 5224 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
14:52:57.0937 5224 Browser - ok
14:52:57.0972 5224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:52:57.0987 5224 Brserid - ok
14:52:58.0002 5224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:52:58.0004 5224 BrSerWdm - ok
14:52:58.0013 5224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:52:58.0015 5224 BrUsbMdm - ok
14:52:58.0025 5224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:52:58.0027 5224 BrUsbSer - ok
14:52:58.0044 5224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
14:52:58.0047 5224 BTHMODEM - ok
14:52:58.0095 5224 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
14:52:58.0098 5224 bthserv - ok
14:52:58.0128 5224 catchme - ok
14:52:58.0269 5224 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys
14:52:58.0270 5224 ccSet_NIS - ok
14:52:58.0284 5224 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:52:58.0286 5224 cdfs - ok
14:52:58.0352 5224 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
14:52:58.0361 5224 cdrom - ok
14:52:58.0428 5224 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
14:52:58.0430 5224 CertPropSvc - ok
14:52:58.0449 5224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
14:52:58.0451 5224 circlass - ok
14:52:58.0512 5224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:52:58.0531 5224 CLFS - ok
14:52:58.0595 5224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:52:58.0598 5224 clr_optimization_v2.0.50727_32 - ok
14:52:58.0634 5224 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:52:58.0638 5224 clr_optimization_v2.0.50727_64 - ok
14:52:58.0705 5224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:52:58.0714 5224 clr_optimization_v4.0.30319_32 - ok
14:52:58.0744 5224 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:52:58.0755 5224 clr_optimization_v4.0.30319_64 - ok
14:52:58.0780 5224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:52:58.0781 5224 CmBatt - ok
14:52:58.0826 5224 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
14:52:58.0829 5224 cmdide - ok
14:52:58.0914 5224 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
14:52:58.0938 5224 CNG - ok
14:52:59.0022 5224 CnxtHdAudService (a7d943bcfb70f1f053c274b348267b55) C:\windows\system32\drivers\CHDRT64.sys
14:52:59.0025 5224 CnxtHdAudService - ok
14:52:59.0062 5224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
14:52:59.0063 5224 Compbatt - ok
14:52:59.0126 5224 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
14:52:59.0127 5224 CompositeBus - ok
14:52:59.0141 5224 COMSysApp - ok
14:52:59.0156 5224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
14:52:59.0158 5224 crcdisk - ok
14:52:59.0234 5224 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
14:52:59.0241 5224 CryptSvc - ok
14:52:59.0318 5224 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys
14:52:59.0342 5224 CSC - ok
14:52:59.0430 5224 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll
14:52:59.0454 5224 CscService - ok
14:52:59.0505 5224 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
14:52:59.0528 5224 DcomLaunch - ok
14:52:59.0564 5224 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
14:52:59.0579 5224 defragsvc - ok
14:52:59.0653 5224 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
14:52:59.0655 5224 DfsC - ok
14:52:59.0703 5224 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
14:52:59.0725 5224 Dhcp - ok
14:52:59.0752 5224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:52:59.0752 5224 discache - ok
14:52:59.0784 5224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
14:52:59.0787 5224 Disk - ok
14:52:59.0880 5224 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
14:52:59.0883 5224 Dnscache - ok
14:52:59.0952 5224 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
14:52:59.0966 5224 dot3svc - ok
14:52:59.0986 5224 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
14:52:59.0993 5224 DPS - ok
14:53:00.0011 5224 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:53:00.0013 5224 drmkaud - ok
14:53:00.0082 5224 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
14:53:00.0086 5224 DXGKrnl - ok
14:53:00.0139 5224 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
14:53:00.0140 5224 EapHost - ok
14:53:00.0365 5224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
14:53:00.0430 5224 ebdrv - ok
14:53:00.0545 5224 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:53:00.0548 5224 eeCtrl - ok
14:53:00.0682 5224 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
14:53:00.0685 5224 EFS - ok
14:53:00.0817 5224 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
14:53:00.0845 5224 ehRecvr - ok
14:53:00.0874 5224 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
14:53:00.0883 5224 ehSched - ok
14:53:00.0994 5224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
14:53:01.0027 5224 elxstor - ok
14:53:01.0168 5224 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:53:01.0169 5224 EraserUtilRebootDrv - ok
14:53:01.0227 5224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
14:53:01.0229 5224 ErrDev - ok
14:53:01.0282 5224 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
14:53:01.0296 5224 EventSystem - ok
14:53:01.0333 5224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:53:01.0347 5224 exfat - ok
14:53:01.0379 5224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:53:01.0391 5224 fastfat - ok
14:53:01.0484 5224 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
14:53:01.0508 5224 Fax - ok
14:53:01.0534 5224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
14:53:01.0536 5224 fdc - ok
14:53:01.0554 5224 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
14:53:01.0555 5224 fdPHost - ok
14:53:01.0565 5224 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
14:53:01.0566 5224 FDResPub - ok
14:53:01.0578 5224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:53:01.0580 5224 FileInfo - ok
14:53:01.0596 5224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:53:01.0598 5224 Filetrace - ok
14:53:01.0614 5224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
14:53:01.0616 5224 flpydisk - ok
14:53:01.0647 5224 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
14:53:01.0660 5224 FltMgr - ok
14:53:01.0776 5224 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
14:53:01.0812 5224 FontCache - ok
14:53:01.0887 5224 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:53:01.0890 5224 FontCache3.0.0.0 - ok
14:53:01.0924 5224 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:53:01.0926 5224 FsDepends - ok
14:53:01.0958 5224 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
14:53:01.0959 5224 Fs_Rec - ok
14:53:02.0020 5224 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
14:53:02.0032 5224 fvevol - ok
14:53:02.0050 5224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
14:53:02.0052 5224 gagp30kx - ok
14:53:02.0151 5224 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
14:53:02.0164 5224 GameConsoleService - ok
14:53:02.0264 5224 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
14:53:02.0288 5224 gpsvc - ok
14:53:02.0358 5224 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:02.0366 5224 gupdate - ok
14:53:02.0407 5224 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:02.0408 5224 gupdatem - ok
14:53:02.0427 5224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:53:02.0429 5224 hcw85cir - ok
14:53:02.0499 5224 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
14:53:02.0533 5224 HdAudAddService - ok
14:53:02.0606 5224 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
14:53:02.0608 5224 HDAudBus - ok
14:53:02.0641 5224 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
14:53:02.0642 5224 HECIx64 - ok
14:53:02.0658 5224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
14:53:02.0660 5224 HidBatt - ok
14:53:02.0680 5224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
14:53:02.0688 5224 HidBth - ok
14:53:02.0706 5224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
14:53:02.0708 5224 HidIr - ok
14:53:02.0734 5224 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
14:53:02.0737 5224 hidserv - ok
14:53:02.0766 5224 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
14:53:02.0768 5224 HidUsb - ok
14:53:02.0827 5224 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
14:53:02.0839 5224 hkmsvc - ok
14:53:02.0909 5224 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
14:53:02.0916 5224 HomeGroupListener - ok
14:53:02.0972 5224 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
14:53:02.0984 5224 HomeGroupProvider - ok
14:53:03.0012 5224 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
14:53:03.0015 5224 HpSAMD - ok
14:53:03.0084 5224 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\windows\system32\Drivers\ANDROIDUSB.sys
14:53:03.0086 5224 HTCAND64 - ok
14:53:03.0173 5224 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
14:53:03.0196 5224 HTTP - ok
14:53:03.0259 5224 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
14:53:03.0259 5224 hwpolicy - ok
14:53:03.0283 5224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
14:53:03.0285 5224 i8042prt - ok
14:53:03.0339 5224 iaStor (5e60dd5f090ab4a563c7204c289c4650) C:\windows\system32\DRIVERS\iaStor.sys
14:53:03.0342 5224 iaStor - ok
14:53:03.0400 5224 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
14:53:03.0434 5224 iaStorV - ok
14:53:03.0515 5224 IDMWFP (2a63036283b36b3b68cdc6f85a7d53ed) C:\windows\system32\DRIVERS\idmwfp.sys
14:53:03.0516 5224 IDMWFP - ok
14:53:03.0598 5224 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:53:03.0600 5224 IDriverT - ok
14:53:03.0732 5224 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:53:03.0765 5224 idsvc - ok
14:53:04.0086 5224 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120427.001\IDSvia64.sys
14:53:04.0088 5224 IDSVia64 - ok
14:53:04.0212 5224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
14:53:04.0214 5224 iirsp - ok
14:53:04.0319 5224 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
14:53:04.0345 5224 IKEEXT - ok
14:53:04.0390 5224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
14:53:04.0394 5224 intelide - ok
14:53:04.0415 5224 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:53:04.0416 5224 intelppm - ok
14:53:04.0438 5224 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
14:53:04.0441 5224 IPBusEnum - ok
14:53:04.0495 5224 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:53:04.0503 5224 IpFilterDriver - ok
14:53:04.0635 5224 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
14:53:04.0652 5224 iphlpsvc - ok
14:53:04.0708 5224 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
14:53:04.0710 5224 IPMIDRV - ok
14:53:04.0749 5224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:53:04.0760 5224 IPNAT - ok
14:53:04.0789 5224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:53:04.0791 5224 IRENUM - ok
14:53:04.0810 5224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
14:53:04.0812 5224 isapnp - ok
14:53:04.0845 5224 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
14:53:04.0860 5224 iScsiPrt - ok
14:53:04.0929 5224 IviRegMgr (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:53:04.0932 5224 IviRegMgr - ok
14:53:04.0997 5224 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\windows\system32\DRIVERS\ivusb.sys
14:53:05.0000 5224 ivusb - ok
14:53:05.0032 5224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
14:53:05.0032 5224 kbdclass - ok
14:53:05.0086 5224 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
14:53:05.0089 5224 kbdhid - ok
14:53:05.0145 5224 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:53:05.0146 5224 KeyIso - ok
14:53:05.0178 5224 KMService - ok
14:53:05.0200 5224 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
14:53:05.0206 5224 KSecDD - ok
14:53:05.0226 5224 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
14:53:05.0233 5224 KSecPkg - ok
14:53:05.0257 5224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:53:05.0259 5224 ksthunk - ok
14:53:05.0313 5224 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
14:53:05.0349 5224 KtmRm - ok
14:53:05.0376 5224 L1C (ff60e112fc03f6d0eb74b3bfd7d6b7c9) C:\windows\system32\DRIVERS\L1C62x64.sys
14:53:05.0378 5224 L1C - ok
14:53:05.0455 5224 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
14:53:05.0465 5224 LanmanServer - ok
14:53:05.0527 5224 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
14:53:05.0529 5224 LanmanWorkstation - ok
14:53:05.0552 5224 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:53:05.0554 5224 lltdio - ok
14:53:05.0599 5224 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
14:53:05.0613 5224 lltdsvc - ok
14:53:05.0630 5224 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
14:53:05.0631 5224 lmhosts - ok
14:53:05.0700 5224 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:53:05.0713 5224 LMS - ok
14:53:05.0743 5224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
14:53:05.0746 5224 LSI_FC - ok
14:53:05.0764 5224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
14:53:05.0767 5224 LSI_SAS - ok
14:53:05.0782 5224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
14:53:05.0784 5224 LSI_SAS2 - ok
14:53:05.0803 5224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
14:53:05.0812 5224 LSI_SCSI - ok
14:53:05.0842 5224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:53:05.0851 5224 luafv - ok
14:53:05.0903 5224 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
14:53:05.0906 5224 Mcx2Svc - ok
14:53:05.0924 5224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
14:53:05.0926 5224 megasas - ok
14:53:05.0961 5224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
14:53:05.0977 5224 MegaSR - ok
14:53:06.0063 5224 Microsoft SharePoint Workspace Audit Service - ok
14:53:06.0098 5224 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
14:53:06.0099 5224 MMCSS - ok
14:53:06.0111 5224 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:53:06.0113 5224 Modem - ok
14:53:06.0134 5224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:53:06.0135 5224 monitor - ok
14:53:06.0146 5224 MotDev - ok
14:53:06.0209 5224 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\windows\system32\DRIVERS\motmodem.sys
14:53:06.0211 5224 motmodem - ok
14:53:06.0318 5224 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
14:53:06.0327 5224 MotoHelper - ok
14:53:06.0387 5224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:53:06.0387 5224 mouclass - ok
14:53:06.0417 5224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:53:06.0419 5224 mouhid - ok
14:53:06.0476 5224 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
14:53:06.0478 5224 mountmgr - ok
14:53:06.0574 5224 mozybackup (82a4b602578dedf49343efa622afbb61) C:\Program Files\MozyHome\mozybackup.exe
14:53:06.0574 5224 mozybackup - ok
14:53:06.0602 5224 mozyFilter (e7b36791858fa16d1d90e095898724e1) C:\windows\system32\DRIVERS\mozy.sys
14:53:06.0603 5224 mozyFilter - ok
14:53:06.0654 5224 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
14:53:06.0663 5224 mpio - ok
14:53:06.0682 5224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:53:06.0684 5224 mpsdrv - ok
14:53:06.0889 5224 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
14:53:06.0907 5224 MpsSvc - ok
14:53:06.0961 5224 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
14:53:06.0965 5224 MRxDAV - ok
14:53:07.0024 5224 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
14:53:07.0038 5224 mrxsmb - ok
14:53:07.0075 5224 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:53:07.0088 5224 mrxsmb10 - ok
14:53:07.0132 5224 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:53:07.0135 5224 mrxsmb20 - ok
14:53:07.0167 5224 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
14:53:07.0168 5224 msahci - ok
14:53:07.0229 5224 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
14:53:07.0237 5224 msdsm - ok
14:53:07.0269 5224 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
14:53:07.0283 5224 MSDTC - ok
14:53:07.0321 5224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:53:07.0324 5224 Msfs - ok
14:53:07.0345 5224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:53:07.0347 5224 mshidkmdf - ok
14:53:07.0360 5224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
14:53:07.0361 5224 msisadrv - ok
14:53:07.0390 5224 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
14:53:07.0406 5224 MSiSCSI - ok
14:53:07.0409 5224 msiserver - ok
14:53:07.0425 5224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:53:07.0429 5224 MSKSSRV - ok
14:53:07.0438 5224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:53:07.0440 5224 MSPCLOCK - ok
14:53:07.0454 5224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:53:07.0457 5224 MSPQM - ok
14:53:07.0530 5224 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
14:53:07.0546 5224 MsRPC - ok
14:53:07.0557 5224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
14:53:07.0558 5224 mssmbios - ok
14:53:07.0636 5224 MSSQL$SQLEXPRESS - ok
14:53:07.0657 5224 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:53:07.0659 5224 MSSQLServerADHelper - ok
14:53:07.0671 5224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:53:07.0674 5224 MSTEE - ok
14:53:08.0078 5224 msvsmon80 (95dc808a9a177f575de9fd49f7d97312) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe
14:53:08.0144 5224 msvsmon80 - ok
14:53:08.0274 5224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
14:53:08.0276 5224 MTConfig - ok
14:53:08.0293 5224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:53:08.0293 5224 Mup - ok
14:53:08.0353 5224 MySQL - ok
14:53:08.0428 5224 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
14:53:08.0461 5224 napagent - ok
14:53:08.0511 5224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:53:08.0525 5224 NativeWifiP - ok
14:53:08.0716 5224 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120430.002\ENG64.SYS
14:53:08.0724 5224 NAVENG - ok
14:53:09.0122 5224 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120430.002\EX64.SYS
14:53:09.0155 5224 NAVEX15 - ok
14:53:09.0410 5224 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
14:53:09.0547 5224 NDIS - ok
14:53:09.0575 5224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:53:09.0577 5224 NdisCap - ok
14:53:09.0599 5224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:53:09.0601 5224 NdisTapi - ok
14:53:09.0657 5224 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
14:53:09.0659 5224 Ndisuio - ok
14:53:09.0713 5224 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
14:53:09.0726 5224 NdisWan - ok
14:53:09.0771 5224 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
14:53:09.0775 5224 NDProxy - ok
14:53:09.0787 5224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:53:09.0789 5224 NetBIOS - ok
14:53:09.0818 5224 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
14:53:09.0829 5224 NetBT - ok
14:53:09.0873 5224 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:53:09.0874 5224 Netlogon - ok
14:53:09.0917 5224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
14:53:09.0931 5224 Netman - ok
14:53:09.0972 5224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
14:53:09.0994 5224 netprofm - ok
14:53:10.0058 5224 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:53:10.0061 5224 NetTcpPortSharing - ok
14:53:10.0091 5224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
14:53:10.0093 5224 nfrd960 - ok
14:53:10.0309 5224 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
14:53:10.0318 5224 NIS - ok
14:53:10.0390 5224 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
14:53:10.0403 5224 NlaSvc - ok
14:53:10.0436 5224 Norton PC Checkup Application Launcher - ok
14:53:10.0447 5224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:53:10.0449 5224 Npfs - ok
14:53:10.0473 5224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
14:53:10.0474 5224 nsi - ok
14:53:10.0489 5224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:53:10.0490 5224 nsiproxy - ok
14:53:10.0643 5224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
14:53:10.0714 5224 Ntfs - ok
14:53:10.0883 5224 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:53:10.0885 5224 Null - ok
14:53:10.0938 5224 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\windows\system32\drivers\nvhda64v.sys
14:53:10.0939 5224 NVHDA - ok
14:53:11.0847 5224 nvlddmkm (6850d89c7abdd8b4fb0b3659da961379) C:\windows\system32\DRIVERS\nvlddmkm.sys
14:53:11.0903 5224 nvlddmkm - ok
14:53:12.0015 5224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
14:53:12.0027 5224 nvraid - ok
14:53:12.0089 5224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
14:53:12.0097 5224 nvstor - ok
14:53:12.0121 5224 nvsvc (2cbaf74c49c472160ebd73adab8dab50) C:\windows\system32\nvvsvc.exe
14:53:12.0135 5224 nvsvc - ok
14:53:12.0187 5224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
14:53:12.0189 5224 nv_agp - ok
14:53:12.0216 5224 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\windows\system32\DRIVERS\o2flash.exe
14:53:12.0218 5224 O2FLASH - ok
14:53:12.0247 5224 O2MDGRDR (3840f61d55dbf32f4b88fa15fb03c461) C:\windows\system32\DRIVERS\o2mdgx64.sys
14:53:12.0249 5224 O2MDGRDR - ok
14:53:12.0264 5224 O2SDGRDR (fa1eed3a10992eba9a39172b50346434) C:\windows\system32\DRIVERS\o2sdgx64.sys
14:53:12.0265 5224 O2SDGRDR - ok
14:53:12.0312 5224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
14:53:12.0314 5224 ohci1394 - ok
14:53:12.0414 5224 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:53:12.0426 5224 ose64 - ok
14:53:12.0834 5224 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:53:12.0918 5224 osppsvc - ok
14:53:13.0048 5224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
14:53:13.0060 5224 p2pimsvc - ok
14:53:13.0100 5224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
14:53:13.0114 5224 p2psvc - ok
14:53:13.0154 5224 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
14:53:13.0157 5224 Parport - ok
14:53:13.0206 5224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
14:53:13.0208 5224 partmgr - ok
14:53:13.0232 5224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
14:53:13.0235 5224 PcaSvc - ok
14:53:13.0302 5224 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
14:53:13.0302 5224 PCCUJobMgr - ok
14:53:13.0364 5224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
14:53:13.0371 5224 pci - ok
14:53:13.0394 5224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
14:53:13.0394 5224 pciide - ok
14:53:13.0420 5224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
14:53:13.0433 5224 pcmcia - ok
14:53:13.0447 5224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:53:13.0448 5224 pcw - ok
14:53:13.0504 5224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:53:13.0522 5224 PEAUTH - ok
14:53:13.0628 5224 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
14:53:13.0656 5224 PeerDistSvc - ok
14:53:13.0743 5224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
14:53:13.0746 5224 PerfHost - ok
14:53:13.0846 5224 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
14:53:13.0846 5224 PGEffect - ok
14:53:13.0987 5224 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
14:53:14.0018 5224 pla - ok
14:53:14.0105 5224 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
14:53:14.0116 5224 PlugPlay - ok
14:53:14.0136 5224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
14:53:14.0138 5224 PNRPAutoReg - ok
14:53:14.0165 5224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
14:53:14.0167 5224 PNRPsvc - ok
14:53:14.0208 5224 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
14:53:14.0222 5224 PolicyAgent - ok
14:53:14.0251 5224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
14:53:14.0259 5224 Power - ok
14:53:14.0345 5224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
14:53:14.0347 5224 PptpMiniport - ok
14:53:14.0373 5224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
14:53:14.0376 5224 Processor - ok
14:53:14.0397 5224 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
14:53:14.0411 5224 ProfSvc - ok
14:53:14.0452 5224 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:53:14.0453 5224 ProtectedStorage - ok
14:53:14.0513 5224 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
14:53:14.0520 5224 Psched - ok
14:53:14.0589 5224 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
14:53:14.0602 5224 PSI_SVC_2 - ok
14:53:14.0642 5224 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
14:53:14.0645 5224 QIOMem - ok
14:53:14.0781 5224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
14:53:14.0814 5224 ql2300 - ok
14:53:14.0929 5224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
14:53:14.0941 5224 ql40xx - ok
14:53:14.0979 5224 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
14:53:14.0990 5224 QWAVE - ok
14:53:15.0001 5224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:53:15.0002 5224 QWAVEdrv - ok
14:53:15.0019 5224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:53:15.0022 5224 RasAcd - ok
14:53:15.0052 5224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:53:15.0054 5224 RasAgileVpn - ok
14:53:15.0066 5224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
14:53:15.0070 5224 RasAuto - ok
14:53:15.0127 5224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
14:53:15.0130 5224 Rasl2tp - ok
14:53:15.0169 5224 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
14:53:15.0183 5224 RasMan - ok
14:53:15.0198 5224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:53:15.0200 5224 RasPppoe - ok
14:53:15.0212 5224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:53:15.0214 5224 RasSstp - ok
14:53:15.0243 5224 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
14:53:15.0254 5224 rdbss - ok
14:53:15.0269 5224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
14:53:15.0271 5224 rdpbus - ok
14:53:15.0279 5224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:53:15.0279 5224 RDPCDD - ok
14:53:15.0336 5224 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys
14:53:15.0349 5224 RDPDR - ok
14:53:15.0369 5224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:53:15.0369 5224 RDPENCDD - ok
14:53:15.0375 5224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:53:15.0376 5224 RDPREFMP - ok
14:53:15.0434 5224 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
14:53:15.0447 5224 RDPWD - ok
14:53:15.0516 5224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
14:53:15.0527 5224 rdyboost - ok
14:53:15.0543 5224 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
14:53:15.0544 5224 regi - ok
14:53:15.0569 5224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
14:53:15.0572 5224 RemoteAccess - ok
14:53:15.0590 5224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
14:53:15.0600 5224 RemoteRegistry - ok
14:53:15.0663 5224 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
14:53:15.0666 5224 RimUsb - ok
14:53:15.0694 5224 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
14:53:15.0697 5224 RimVSerPort - ok
14:53:15.0716 5224 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
14:53:15.0718 5224 ROOTMODEM - ok
14:53:15.0730 5224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
14:53:15.0731 5224 RpcEptMapper - ok
14:53:15.0752 5224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
14:53:15.0754 5224 RpcLocator - ok
14:53:15.0837 5224 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
14:53:15.0840 5224 RpcSs - ok
14:53:15.0865 5224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:53:15.0867 5224 rspndr - ok
14:53:15.0986 5224 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
14:53:15.0992 5224 rtl8192se - ok
14:53:16.0038 5224 s3cap (e60c0a09f997826c7627b244195ab581) C:\windows\system32\drivers\vms3cap.sys
14:53:16.0039 5224 s3cap - ok
14:53:16.0087 5224 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:53:16.0088 5224 SamSs - ok
14:53:16.0145 5224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
14:53:16.0153 5224 sbp2port - ok
14:53:16.0176 5224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
14:53:16.0189 5224 SCardSvr - ok
14:53:16.0234 5224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
14:53:16.0236 5224 scfilter - ok
14:53:16.0314 5224 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
14:53:16.0344 5224 Schedule - ok
14:53:16.0398 5224 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
14:53:16.0398 5224 SCPolicySvc - ok
14:53:16.0455 5224 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
14:53:16.0458 5224 sdbus - ok
14:53:16.0520 5224 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
14:53:16.0532 5224 SDRSVC - ok
14:53:16.0558 5224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:53:16.0560 5224 secdrv - ok
14:53:16.0566 5224 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
14:53:16.0567 5224 seclogon - ok
14:53:16.0578 5224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
14:53:16.0579 5224 SENS - ok
14:53:16.0587 5224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
14:53:16.0590 5224 SensrSvc - ok
14:53:16.0617 5224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
14:53:16.0619 5224 Serenum - ok
14:53:16.0638 5224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
14:53:16.0640 5224 Serial - ok
14:53:16.0707 5224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
14:53:16.0709 5224 sermouse - ok
14:53:16.0761 5224 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
14:53:16.0764 5224 SessionEnv - ok
14:53:16.0818 5224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
14:53:16.0820 5224 sffdisk - ok
14:53:16.0830 5224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
14:53:16.0831 5224 sffp_mmc - ok
14:53:16.0835 5224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
14:53:16.0836 5224 sffp_sd - ok
14:53:16.0849 5224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
14:53:16.0851 5224 sfloppy - ok
14:53:16.0913 5224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
14:53:16.0934 5224 SharedAccess - ok
14:53:17.0015 5224 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
14:53:17.0036 5224 ShellHWDetection - ok
14:53:17.0058 5224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:53:17.0061 5224 SiSRaid2 - ok
14:53:17.0078 5224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
14:53:17.0081 5224 SiSRaid4 - ok
14:53:17.0118 5224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:53:17.0120 5224 Smb - ok
14:53:17.0157 5224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
14:53:17.0160 5224 SNMPTRAP - ok
14:53:17.0169 5224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:53:17.0170 5224 spldr - ok
14:53:17.0217 5224 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
14:53:17.0244 5224 Spooler - ok
14:53:17.0484 5224 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
14:53:17.0550 5224 sppsvc - ok
14:53:17.0662 5224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
14:53:17.0665 5224 sppuinotify - ok
14:53:17.0791 5224 SQLBrowser (3612108d36ea74f6f9fc5005e88e353b) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:53:17.0802 5224 SQLBrowser - ok
14:53:17.0919 5224 SQLWriter (27a547b061c44d72afa6c1e71665d4a5) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:53:17.0933 5224 SQLWriter - ok
14:53:18.0109 5224 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307000.009\SRTSP64.SYS
14:53:18.0171 5224 SRTSP - ok
14:53:18.0189 5224 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307000.009\SRTSPX64.SYS
14:53:18.0189 5224 SRTSPX - ok
14:53:18.0268 5224 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
14:53:18.0282 5224 srv - ok
14:53:18.0359 5224 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
14:53:18.0375 5224 srv2 - ok
14:53:18.0400 5224 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
14:53:18.0413 5224 srvnet - ok
14:53:18.0446 5224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
14:53:18.0459 5224 SSDPSRV - ok
14:53:18.0471 5224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
14:53:18.0472 5224 SstpSvc - ok
14:53:18.0500 5224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
14:53:18.0503 5224 stexstor - ok
14:53:18.0599 5224 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
14:53:18.0618 5224 stisvc - ok
14:53:18.0663 5224 storflt (7785dc213270d2fc066538daf94087e7) C:\windows\system32\drivers\vmstorfl.sys
14:53:18.0664 5224 storflt - ok
14:53:18.0685 5224 StorSvc (c40841817ef57d491f22eb103da587cc) C:\windows\system32\storsvc.dll
14:53:18.0688 5224 StorSvc - ok
14:53:18.0701 5224 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\windows\system32\drivers\storvsc.sys
14:53:18.0703 5224 storvsc - ok
14:53:18.0713 5224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
14:53:18.0714 5224 swenum - ok
14:53:18.0860 5224 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:53:18.0888 5224 SwitchBoard - ok
14:53:18.0940 5224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
14:53:18.0955 5224 swprv - ok
14:53:19.0097 5224 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS
14:53:19.0109 5224 SymDS - ok
14:53:19.0221 5224 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS
14:53:19.0242 5224 SymEFA - ok
14:53:19.0282 5224 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
14:53:19.0283 5224 SymEvent - ok
14:53:19.0341 5224 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS
14:53:19.0342 5224 SymIRON - ok
14:53:19.0385 5224 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS
14:53:19.0387 5224 SymNetS - ok
14:53:19.0443 5224 SynTP (56f16a398affe40afab04ba0081cdc27) C:\windows\system32\DRIVERS\SynTP.sys
14:53:19.0445 5224 SynTP - ok
14:53:19.0613 5224 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
14:53:19.0645 5224 SysMain - ok
14:53:19.0772 5224 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
14:53:19.0775 5224 TabletInputService - ok
14:53:19.0802 5224 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
14:53:19.0812 5224 TapiSrv - ok
14:53:19.0846 5224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
14:53:19.0847 5224 TBS - ok
14:53:20.0035 5224 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
14:53:20.0074 5224 Tcpip - ok
14:53:20.0274 5224 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
14:53:20.0283 5224 TCPIP6 - ok
14:53:20.0400 5224 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
14:53:20.0402 5224 tcpipreg - ok
14:53:20.0427 5224 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
14:53:20.0427 5224 tdcmdpst - ok
14:53:20.0449 5224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:53:20.0451 5224 TDPIPE - ok
14:53:20.0497 5224 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
14:53:20.0499 5224 TDTCP - ok
14:53:20.0553 5224 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
14:53:20.0557 5224 tdx - ok
14:53:20.0612 5224 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
14:53:20.0613 5224 TermDD - ok
14:53:20.0671 5224 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
14:53:20.0688 5224 TermService - ok
14:53:20.0713 5224 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
14:53:20.0714 5224 Themes - ok
14:53:20.0741 5224 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
14:53:20.0742 5224 Thpdrv - ok
14:53:20.0753 5224 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
14:53:20.0754 5224 Thpevm - ok
14:53:20.0801 5224 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
14:53:20.0819 5224 Thpsrv - ok
14:53:20.0843 5224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
14:53:20.0844 5224 THREADORDER - ok
14:53:20.0892 5224 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:53:20.0893 5224 TMachInfo - ok
14:53:20.0933 5224 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
14:53:20.0948 5224 TODDSrv - ok
14:53:21.0054 5224 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:53:21.0073 5224 TosCoSrv - ok
14:53:21.0127 5224 TOSHIBA Bluetooth Service (8f099be5db17d025e19652851399b9f1) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
14:53:21.0139 5224 TOSHIBA Bluetooth Service - ok
14:53:21.0214 5224 TOSHIBA eco Utility Service (152da63a2843e7e63eca8ae90d853763) C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:53:21.0227 5224 TOSHIBA eco Utility Service - ok
14:53:21.0278 5224 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:53:21.0290 5224 TOSHIBA HDD SSD Alert Service - ok
14:53:21.0401 5224 Tosrfcom - ok
14:53:21.0441 5224 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
14:53:21.0442 5224 tosrfec - ok
14:53:21.0495 5224 Tosrfusb (8197b0eae0d804ac3466045ddc5da98b) C:\windows\system32\DRIVERS\tosrfusb.sys
14:53:21.0503 5224 Tosrfusb - ok
14:53:21.0554 5224 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
14:53:21.0583 5224 tos_sps64 - ok
14:53:21.0666 5224 TPCHSrv (6f9e17819bfa53cff67cb1e16669500f) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:53:21.0695 5224 TPCHSrv - ok
14:53:21.0803 5224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
14:53:21.0805 5224 TrkWks - ok
14:53:21.0873 5224 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
14:53:21.0885 5224 TrustedInstaller - ok
14:53:21.0949 5224 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
14:53:21.0951 5224 tssecsrv - ok
14:53:22.0014 5224 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
14:53:22.0016 5224 TsUsbFlt - ok
14:53:22.0086 5224 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
14:53:22.0090 5224 tunnel - ok
14:53:22.0109 5224 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
14:53:22.0109 5224 TVALZ - ok
14:53:22.0132 5224 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
14:53:22.0132 5224 TVALZFL - ok
14:53:22.0160 5224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
14:53:22.0163 5224 uagp35 - ok
14:53:22.0199 5224 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
14:53:22.0212 5224 udfs - ok
14:53:22.0241 5224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
14:53:22.0244 5224 UI0Detect - ok
14:53:22.0272 5224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
14:53:22.0274 5224 uliagpkx - ok
14:53:22.0351 5224 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
14:53:22.0353 5224 umbus - ok
14:53:22.0369 5224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
14:53:22.0371 5224 UmPass - ok
14:53:22.0432 5224 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\windows\System32\umrdp.dll
14:53:22.0445 5224 UmRdpService - ok
14:53:22.0654 5224 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:53:22.0705 5224 UNS - ok
14:53:22.0828 5224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
14:53:22.0841 5224 upnphost - ok
14:53:22.0964 5224 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
14:53:22.0977 5224 usbaudio - ok
14:53:23.0010 5224 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
14:53:23.0020 5224 usbccgp - ok
14:53:23.0081 5224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
14:53:23.0084 5224 usbcir - ok
14:53:23.0101 5224 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
14:53:23.0104 5224 usbehci - ok
14:53:23.0144 5224 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
14:53:23.0164 5224 usbhub - ok
14:53:23.0190 5224 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
14:53:23.0193 5224 usbohci - ok
14:53:23.0220 5224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
14:53:23.0222 5224 usbprint - ok
14:53:23.0279 5224 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
14:53:23.0281 5224 usbscan - ok
14:53:23.0309 5224 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:53:23.0313 5224 USBSTOR - ok
14:53:23.0331 5224 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
14:53:23.0333 5224 usbuhci - ok
14:53:23.0369 5224 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
14:53:23.0383 5224 usbvideo - ok
14:53:23.0409 5224 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
14:53:23.0413 5224 usb_rndisx - ok
14:53:23.0442 5224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
14:53:23.0443 5224 UxSms - ok
14:53:23.0488 5224 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:53:23.0489 5224 VaultSvc - ok
14:53:23.0536 5224 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\windows\system32\DRIVERS\VClone.sys
14:53:23.0538 5224 VClone - ok
14:53:23.0561 5224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
14:53:23.0561 5224 vdrvroot - ok
14:53:23.0635 5224 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
14:53:23.0659 5224 vds - ok
14:53:23.0680 5224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:53:23.0682 5224 vga - ok
14:53:23.0698 5224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:53:23.0700 5224 VgaSave - ok
14:53:23.0729 5224 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
14:53:23.0741 5224 vhdmp - ok
14:53:23.0755 5224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
14:53:23.0757 5224 viaide - ok
14:53:23.0780 5224 vmbus (86ea3e79ae350fea5331a1303054005f) C:\windows\system32\drivers\vmbus.sys
14:53:23.0794 5224 vmbus - ok
14:53:23.0812 5224 VMBusHID (7de90b48f210d29649380545db45a187) C:\windows\system32\drivers\VMBusHID.sys
14:53:23.0814 5224 VMBusHID - ok
14:53:23.0831 5224 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
14:53:23.0833 5224 volmgr - ok
14:53:23.0906 5224 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
14:53:23.0918 5224 volmgrx - ok
14:53:23.0946 5224 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
14:53:23.0956 5224 volsnap - ok
14:53:23.0998 5224 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\windows\system32\DRIVERS\vpchbus.sys
14:53:24.0000 5224 vpcbus - ok
14:53:24.0049 5224 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\windows\system32\DRIVERS\vpcnfltr.sys
14:53:24.0051 5224 vpcnfltr - ok
14:53:24.0070 5224 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\windows\system32\DRIVERS\vpcusb.sys
14:53:24.0072 5224 vpcusb - ok
14:53:24.0140 5224 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\windows\system32\drivers\vpcvmm.sys
14:53:24.0142 5224 vpcvmm - ok
14:53:24.0176 5224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
14:53:24.0191 5224 vsmraid - ok
14:53:24.0321 5224 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
14:53:24.0361 5224 VSS - ok
14:53:24.0483 5224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:53:24.0485 5224 vwifibus - ok
14:53:24.0498 5224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:53:24.0500 5224 vwififlt - ok
14:53:24.0550 5224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
14:53:24.0564 5224 W32Time - ok
14:53:24.0582 5224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
14:53:24.0585 5224 WacomPen - ok
14:53:24.0656 5224 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:53:24.0659 5224 WANARP - ok
14:53:24.0662 5224 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:53:24.0662 5224 Wanarpv6 - ok
14:53:24.0764 5224 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
14:53:24.0799 5224 WatAdminSvc - ok
14:53:24.0941 5224 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
14:53:24.0978 5224 wbengine - ok
14:53:25.0083 5224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
14:53:25.0096 5224 WbioSrvc - ok
14:53:25.0137 5224 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
14:53:25.0154 5224 wcncsvc - ok
14:53:25.0171 5224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
14:53:25.0174 5224 WcsPlugInService - ok
14:53:25.0205 5224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
14:53:25.0207 5224 Wd - ok
14:53:25.0258 5224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:53:25.0293 5224 Wdf01000 - ok
14:53:25.0307 5224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
14:53:25.0309 5224 WdiServiceHost - ok
14:53:25.0312 5224 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
14:53:25.0314 5224 WdiSystemHost - ok
14:53:25.0383 5224 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
14:53:25.0398 5224 WebClient - ok
14:53:25.0430 5224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
14:53:25.0439 5224 Wecsvc - ok
14:53:25.0452 5224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
14:53:25.0456 5224 wercplsupport - ok
14:53:25.0482 5224 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
14:53:25.0485 5224 WerSvc - ok
14:53:25.0521 5224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:53:25.0522 5224 WfpLwf - ok
14:53:25.0539 5224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:53:25.0542 5224 WIMMount - ok
14:53:25.0602 5224 WinDefend - ok
14:53:25.0607 5224 WinHttpAutoProxySvc - ok
14:53:25.0667 5224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
14:53:25.0680 5224 Winmgmt - ok
14:53:25.0852 5224 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
14:53:25.0899 5224 WinRM - ok
14:53:26.0066 5224 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
14:53:26.0069 5224 WinUsb - ok
14:53:26.0139 5224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
14:53:26.0179 5224 Wlansvc - ok
14:53:26.0235 5224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
14:53:26.0236 5224 WmiAcpi - ok
14:53:26.0280 5224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
14:53:26.0290 5224 wmiApSrv - ok
14:53:26.0325 5224 WMPNetworkSvc - ok
14:53:26.0333 5224 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
14:53:26.0337 5224 WPCSvc - ok
14:53:26.0386 5224 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
14:53:26.0388 5224 WPDBusEnum - ok
14:53:26.0414 5224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:53:26.0415 5224 ws2ifsl - ok
14:53:26.0459 5224 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
14:53:26.0462 5224 wscsvc - ok
14:53:26.0465 5224 WSearch - ok
14:53:26.0670 5224 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
14:53:26.0725 5224 wuauserv - ok
14:53:26.0887 5224 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
14:53:26.0890 5224 WudfPf - ok
14:53:26.0913 5224 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
14:53:26.0923 5224 WUDFRd - ok
14:53:26.0972 5224 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
14:53:26.0974 5224 wudfsvc - ok
14:53:27.0002 5224 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
14:53:27.0017 5224 WwanSvc - ok
14:53:27.0185 5224 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:53:27.0202 5224 YahooAUService - ok
14:53:27.0230 5224 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:53:27.0634 5224 \Device\Harddisk0\DR0 - ok
14:53:27.0670 5224 Boot (0x1200) (1f668e8841d5466c3d5b09f6912073ab) \Device\Harddisk0\DR0\Partition0
14:53:27.0673 5224 \Device\Harddisk0\DR0\Partition0 - ok
14:53:27.0673 5224 ============================================================
14:53:27.0673 5224 Scan finished
14:53:27.0673 5224 ============================================================
14:53:27.0684 5696 Detected object count: 0
14:53:27.0684 5696 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 14:58:52
-----------------------------
14:58:52.818 OS Version: Windows x64 6.1.7601 Service Pack 1
14:58:52.818 Number of processors: 8 586 0x1E05
14:58:52.819 ComputerName: BRAHMS UserName: Mark
14:58:54.461 Initialize success
14:59:46.869 AVAST engine defs: 12043001
15:00:06.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:00:06.257 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
15:00:06.273 Disk 0 MBR read successfully
15:00:06.278 Disk 0 MBR scan
15:00:06.284 Disk 0 Windows VISTA default MBR code
15:00:06.290 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:00:06.308 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463820 MB offset 3074048
15:00:06.348 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11619 MB offset 952977408
15:00:06.428 Disk 0 scanning C:\windows\system32\drivers
15:00:21.240 Service scanning
15:00:49.549 Modules scanning
15:00:49.560 Disk 0 trace - called modules:
15:00:49.597 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
15:00:49.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006630790]
15:00:49.617 3 CLASSPNP.SYS[fffff88001a2c43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa800662a710]
15:00:49.627 5 thpdrv.sys[fffff88001f84cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006413050]
15:00:51.876 AVAST engine scan C:\windows
15:00:55.083 AVAST engine scan C:\windows\system32
15:04:14.575 AVAST engine scan C:\windows\system32\drivers
15:04:37.723 AVAST engine scan C:\Users\Mark
15:10:22.298 AVAST engine scan C:\ProgramData
15:13:41.046 Scan finished successfully
15:17:49.571 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:17:49.594 The log file has been saved successfully to "C:\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 30 April 2012 - 08:56 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Application Updater

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 MarkPeter

MarkPeter
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 30 April 2012 - 09:39 PM

No problems running the CFScript with ComboFix. It did reboot my system. Since the first run of ComboFix and re-installing Chrome, I'm having no redirect problems on any of my browsers.


ComboFix 12-04-31.03 - Mark 04/30/2012 19:15:54.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6012.3520 [GMT -7:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Application Updater
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\Application Updater\config.ini
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 02:22 . 2012-05-01 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 06:50 . 2012-04-30 19:45 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009
2012-04-30 00:26 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 00:26 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 00:26 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-30 00:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-30 00:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-30 00:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-30 00:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-30 00:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-30 00:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-30 00:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-29 01:39 . 2012-04-30 08:26 -------- d-----w- C:\Downloads
2012-04-25 05:24 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-09 22:48 . 2012-04-09 22:48 -------- d-----w- C:\1972 Honky Chateau
2012-04-08 18:48 . 2012-04-28 22:23 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 19:59 . 2012-04-10 20:07 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 12:26 . 2012-04-30 12:26 3160 ----a-w- C:\Attach.txt.zip
2012-04-30 00:03 . 2010-12-15 20:59 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-28 22:23 . 2011-05-20 19:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-19 05:58 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 05:58 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 05:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 05:58 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-19 05:58 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-19 05:58 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-19 05:58 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-30_19.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-30 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-30 22:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-30 19:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 22:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 22:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-23 08:01 . 2012-04-30 21:41 60306 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-01 02:26 44506 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-15 17:50 . 2012-05-01 02:26 14420 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-393029618-3043048630-1572372043-1001_UserData.bin
+ 2010-08-23 08:01 . 2012-04-30 21:41 60306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-01 02:26 44506 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-15 17:50 . 2012-05-01 02:26 14420 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-393029618-3043048630-1572372043-1001_UserData.bin
- 2010-12-15 17:42 . 2012-04-30 14:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 17:42 . 2012-04-30 19:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-15 17:42 . 2012-04-30 14:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-15 17:42 . 2012-04-30 19:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 14:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 19:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-15 17:51 . 2012-05-01 02:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-15 17:51 . 2012-04-30 19:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 17:51 . 2012-05-01 02:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-15 17:51 . 2012-04-30 19:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-15 17:51 . 2012-05-01 02:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 17:51 . 2012-04-30 19:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 17:46 . 2012-04-30 19:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 17:46 . 2012-05-01 02:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 17:46 . 2012-05-01 02:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 17:46 . 2012-04-30 19:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-01 02:23 . 2012-05-01 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-30 19:46 . 2012-04-30 19:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-01 02:23 . 2012-05-01 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-30 19:46 . 2012-04-30 19:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:46 . 2012-04-30 19:58 111520 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-30 19:45 503748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-01 02:22 503748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"HttpWatch_RegIEPlugin"="c:\program files (x86)\HttpWatch\regieplugin.exe" [2010-12-22 592168]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-03 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
Run POPFile.lnk - c:\program files (x86)\POPFile\runpopfile.exe [2011-9-2 72050]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-9-29 5059352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 253088]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
S0 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-04-27 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-12-08 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:23]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393029618-3043048630-1572372043-1001Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30 21:17]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393029618-3043048630-1572372043-1001UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30 21:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
c:\program files (x86)\DAP\DAPIELoader64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-09-29 16:50 4525336 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-09-29 16:50 4525336 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF13549.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download Using &BitSpirit - c:\program files (x86)\BitSpirit\bsurl.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q7u2zxqx.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="c:\servers\mysql\bin\mysqld MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-393029618-3043048630-1572372043-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,a5,7f,02,e1,25,a1,e4,9e,74,72,13,53,4f,36,1d,a3,64,c4,2d,67,
fe,09,ca,f6,cd,01,df,23,75,49,5f,80,d8,15,72,9e,ba,3d,12,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-393029618-3043048630-1572372043-1001_Classes\Wow6432Node\CLSID\{cb6373f4-a572-4870-9db8-03bc21db2304}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a3
"Therad"=dword:00000015
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\progra~2\POPFile\popfileib.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-30 19:32:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 02:32
ComboFix2.txt 2012-04-30 19:56
.
Pre-Run: 86,113,984,512 bytes free
Post-Run: 85,682,724,864 bytes free
.
- - End Of File - - 64AC5AFAB9B0D1E318EB2EF086CCD3CB

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 30 April 2012 - 09:43 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

BitSpirit v3.6.0.550 Stable
eMule
Java™ 6 Update 29
Java™ SE Development Kit 6 Update 24
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 03 May 2012 - 12:19 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 MarkPeter

MarkPeter
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 06 May 2012 - 12:54 PM

Hi Gringo,

Thanks very much for following up. My immediate problems seem to have been solved, and I've been slammed with work for the last few days. I will work on taking care of the rest of this later tonight.

Mark

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 06 May 2012 - 03:16 PM

Very good because we are almost finished



see you later then



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 08 May 2012 - 11:45 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 11 May 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 AM

Posted 15 May 2012 - 04:59 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users