
Computer restarts every time I open a folder


  • This topic is locked
17 replies to this topic

#1 problemcomputer2012

problemcomputer2012

  • Members
  • 8 posts

Posted 07 May 2012 - 04:15 AM

So earlier today I downloaded uTorrent and then I started to download a language learning program. After that, I wasn't able to open any folders (my computer, control panel, my documents, etc). As soon as I do, an error comes up and the computer restarts (or half restarts). But it won't let me open any folders. Because of this, I wasn't able to make any changes to my current firewall.

Also, since I bought my computer in China, my operating system is in Mandarin Chinese, so there are some Chinese characters in the reports. Here I've tried to provide a translation:

In the DDS report:
1. After Microsoft Windows 7 家庭普通版 (Family edition)
2. After AV: 趋势科技网络安全专家 and SP: 趋势科技网络安全专家 (Trend Science and Technology Internet Safety Expert)
3. After FW: 趋势科技个人防火墙 (Trend Science and Technology Personal Firewall)
4. S2 gupdate;Google 更新服务 (update service)
5. S3 NisSrv;Microsoft 网络检查 (network inspection)

In GMER report:

1) After C:/Users/toshiba/AppData/Local/Temp/mbr.sys 系统找不到指定的文件 (system unable to find selected file)
2) occurs quite often 浏览器 (browser)
3) After AttachedDevice \FileSystem\fastfat \Fat 文件系统筛选器管理器 (Filing system sizer supervisor) - sorry, I don't quite know how to translate this

Thanks so much and I hope to hear from you soon.

Here is my DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by toshiba at 15:48:04 on 2012-05-07
Microsoft Windows 7 家庭普通版 6.1.7600.0.936.86.2052.18.1787.754 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: 趋势科技网络安全专家 *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: 趋势科技网络安全专家 *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: 趋势科技个人防火墙 *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Metfone 3G\AssistantServices.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Metfone 3G\UIExec.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
BHO: Baidu Toolbar BHO: {77fef28e-eb96-44ff-b511-3185dea48697} - c:\program files\baidu\toolbar\BaiduBarX.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: 967DE405-450A-B340-5027-4D27C7B9B9C7 Class: {967de405-450a-b340-5027-4d27c7b9b9c7} - c:\program files\baidu\{967de405-450a-b340-5027-4d27c7b9b9c7}\AddressBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: ADDICT-THING Class: {d0b687e7-08d9-457c-8b9e-b1c1b9685215} - c:\programdata\addict-thing\bhoclass.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
TB: 百度工具栏: {b580cf65-e151-49c3-b73f-70b13fca8e86} - c:\program files\baidu\toolbar\BaiduBarX.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [QQMusic] "c:\program files\tencent\qqmusic\QQMusic.exe" /background
uRun: [Google Update] "c:\users\toshiba\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [kwmusic] "c:\program files\kwmusic\Kwmusic.exe" /autorun
mRun: [UIExec] "c:\program files\metfone 3g\UIExec.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
StartupFolder: c:\users\toshiba\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: 导出到 Microsoft Excel(&X) - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{701A7266-0C6B-4491-96D9-E9BAEAD80F23} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{701A7266-0C6B-4491-96D9-E9BAEAD80F23}\35541435F4E494E474 : DhcpNameServer = 10.10.10.100
TCP: Interfaces\{701A7266-0C6B-4491-96D9-E9BAEAD80F23}\74275656E6024577F6E60274D2840213 : DhcpNameServer = 124.108.48.5 124.108.48.6
TCP: Interfaces\{701A7266-0C6B-4491-96D9-E9BAEAD80F23}\84947484C414E444350234F464645454 : DhcpNameServer = 192.168.3.1 210.245.24.20
TCP: Interfaces\{701A7266-0C6B-4491-96D9-E9BAEAD80F23}\A5F6F6D634166656 : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl05c01b4a;MpKsl05c01b4a;c:\programdata\microsoft\microsoft antimalware\definition updates\{af6849bc-833e-43da-8a08-652ea2b62116}\MpKsl05c01b4a.sys [2012-5-7 29904]
R1 NdisLwf;PandaVPN Driver;c:\windows\system32\drivers\ndislwf.sys [2011-7-24 34304]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-10-8 146448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-24 172032]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-9-22 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-10-8 283152]
R2 UI Assistant Service;UI Assistant Service;c:\program files\metfone 3g\AssistantServices.exe [2012-4-13 261456]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-5-24 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-24 152064]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-5-24 7680]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-3-4 67624]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-5-24 24064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-24 182304]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google 更新服务 (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-25 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google 更新服务 (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-25 135664]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-4-13 9216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft 网络检查;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-5-24 51512]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-22 51792]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-5-24 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-5-24 689416]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-4-13 107776]
.
=============== Created Last 30 ================
.
2012-05-07 06:43:04 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af6849bc-833e-43da-8a08-652ea2b62116}\offreg.dll
2012-05-07 06:43:04 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af6849bc-833e-43da-8a08-652ea2b62116}\MpKsl05c01b4a.sys
2012-05-07 05:09:43 -------- d-----w- c:\programdata\SweetIM
2012-05-07 05:09:43 -------- d-----w- c:\program files\SweetIM
2012-05-07 05:09:21 -------- d-----w- c:\programdata\Premium
2012-05-07 05:06:58 -------- d-----w- c:\programdata\ADDICT-THING
2012-05-07 05:05:58 -------- d-----w- c:\programdata\InstallMate
2012-05-07 05:00:27 -------- d-----w- c:\program files\Conduit
2012-05-07 05:00:24 -------- d-----w- c:\users\toshiba\appdata\local\CRE
2012-05-07 04:59:51 -------- d-----w- c:\users\toshiba\appdata\local\Conduit
2012-05-07 04:59:49 -------- d-----w- c:\program files\uTorrentControl2
2012-05-07 04:58:54 -------- d-----w- c:\program files\uTorrent
2012-05-07 04:57:32 -------- d-----w- c:\users\toshiba\appdata\roaming\uTorrent
2012-05-07 04:44:53 -------- d-----w- c:\programdata\hsswpr
2012-05-06 16:00:42 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af6849bc-833e-43da-8a08-652ea2b62116}\mpengine.dll
2012-04-13 15:41:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 15:41:45 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 15:41:45 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 15:41:44 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 15:41:15 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 15:41:13 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 07:54:25 -------- d-----w- C:\UserData
2012-04-13 07:11:58 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2012-04-13 07:11:57 126976 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-04-13 07:11:57 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-04-13 07:11:57 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2012-04-13 07:11:57 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys
2012-04-13 07:11:57 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-04-13 07:11:56 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-04-13 07:11:56 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-04-13 07:11:21 -------- d-----w- c:\windows\system32\SupportAppCB
2012-04-13 07:11:16 -------- d-----w- c:\program files\Metfone 3G
.
==================== Find3M ====================
.
2012-03-20 12:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 12:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 15:50:06.79 ===============

Attached Files

  • Attached File  ark.txt   31.56KB   0 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 May 2012 - 09:21 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Microsoft Security Essentials
AV: 趋势科技网络安全专家


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 problemcomputer2012

problemcomputer2012
  • Topic Starter

  • Members
  • 8 posts

Posted 07 May 2012 - 01:30 PM

Thanks for the quick response. After running the security check and ComboFix I am still having the same problem. If I try to open a file, it still forces the computer to restart rather than opening the folder.

Here is the output of Security check:

Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro BM TMBMSRV.exe
``````````End of Log````````````

Here is the output of ComboFix:


ComboFix 12-05-07.02 - toshiba 2/05/08 周二 2:11.1.2 - x86
Microsoft Windows 7 家庭普通版 6.1.7600.0.936.86.2052.18.1787.1162 [GMT 8:00]
执行位置: c:\users\toshiba\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: 趋势科技网络安全专家 *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: 趋势科技个人防火墙 *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 趋势科技网络安全专家 *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\02092011_TIS17_SfFniAU.log
c:\windows\system32\service\05022012_TIS17_SfFniAU.log
c:\windows\system32\service\06122010_TIS17_SfFniAU.log
c:\windows\system32\service\12102011_TIS17_SfFniAU.log
c:\windows\system32\service\13112010_TIS17_SfFniAU.log
c:\windows\system32\service\16112011_TIS17_SfFniAU.log
c:\windows\system32\service\21012012_TIS17_SfFniAU.log
c:\windows\system32\service\21092011_TIS17_SfFniAU.log
c:\windows\system32\service\26032012_TIS17_SfFniAU.log
c:\windows\system32\service\26082011_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( 2012-04-07 至 2012-05-07 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-05-07 18:19 . 2012-05-07 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 12:15 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C008FED-354B-4163-8A04-ECA80A92BEDA}\mpengine.dll
2012-05-07 05:09 . 2012-05-07 05:10 -------- d-----w- c:\programdata\SweetIM
2012-05-07 05:09 . 2012-05-07 05:10 -------- d-----w- c:\program files\SweetIM
2012-05-07 05:09 . 2012-05-07 05:09 -------- d-----w- c:\programdata\Premium
2012-05-07 05:06 . 2012-05-07 05:09 -------- d-----w- c:\programdata\ADDICT-THING
2012-05-07 05:05 . 2012-05-07 05:09 -------- d-----w- c:\programdata\InstallMate
2012-05-07 05:00 . 2012-05-07 05:00 -------- d-----w- c:\program files\Conduit
2012-05-07 05:00 . 2012-05-07 05:00 -------- d-----w- c:\users\toshiba\AppData\Local\CRE
2012-05-07 04:59 . 2012-05-07 04:59 -------- d-----w- c:\users\toshiba\AppData\Local\Conduit
2012-05-07 04:58 . 2012-05-07 04:58 -------- d-----w- c:\program files\uTorrent
2012-05-07 04:57 . 2012-05-07 06:52 -------- d-----w- c:\users\toshiba\AppData\Roaming\uTorrent
2012-05-07 04:44 . 2012-05-07 04:44 -------- d-----w- c:\programdata\hsswpr
2012-05-06 16:00 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-13 15:41 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 15:41 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 15:41 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 15:41 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 15:41 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 15:41 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 07:54 . 2012-04-13 07:54 -------- d-----w- C:\UserData
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2012-04-13 07:11 . 2011-03-26 02:37 126976 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-04-13 07:11 . 2011-03-26 02:37 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-04-13 07:11 . 2012-04-13 07:11 -------- d-----w- c:\windows\system32\SupportAppCB
2012-04-13 07:11 . 2012-04-13 07:15 -------- d-----w- c:\program files\Metfone 3G
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 12:44 . 2012-03-20 12:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 12:44 . 2012-03-20 12:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-11 01:49 . 2012-03-11 01:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-11 01:49 . 2012-03-11 01:49 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-11 01:49 . 2012-03-11 01:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-11 01:49 . 2012-03-11 01:49 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-11 01:49 . 2012-03-11 01:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-11 01:49 . 2012-03-11 01:49 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-11 01:49 . 2012-03-11 01:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-11 01:49 . 2012-03-11 01:49 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-11 01:49 . 2012-03-11 01:49 367104 ----a-w- c:\windows\system32\html.iec
2012-03-11 01:49 . 2012-03-11 01:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-11 01:49 . 2012-03-11 01:49 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-11 01:49 . 2012-03-11 01:49 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-11 01:49 . 2012-03-11 01:49 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-11 01:49 . 2012-03-11 01:49 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-11 01:49 . 2012-03-11 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-11 01:49 . 2012-03-11 01:49 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-11 01:49 . 2012-03-11 01:49 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-14 11:17 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 11:17 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 11:17 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 19:53 . 2012-02-10 19:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEAC0909-2175-446C-B64C-5EBB4DECF432}\gapaengine.dll
2012-02-10 05:41 . 2012-03-14 11:24 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 11:24 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 11:24 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 11:24 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 11:24 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2007-07-17 07:59 1379352 ----a-w- c:\program files\Wisdom-soft\tbWisd.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{967DE405-450A-B340-5027-4D27C7B9B9C7}]
2011-01-25 08:53 1184176 ----a-w- c:\program files\Baidu\{967DE405-450A-B340-5027-4D27C7B9B9C7}\AddressBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0B687E7-08D9-457C-8B9E-B1C1B9685215}]
2012-05-03 11:07 140800 ----a-w- c:\programdata\ADDICT-THING\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 11:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 06:46 1337648 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-24 39408]
"QQMusic"="c:\program files\Tencent\QQMusic\QQMusic.exe" [2011-08-27 411000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-19 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-08 1028488]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"UIExec"="c:\program files\Metfone 3G\UIExec.exe" [2011-04-27 139088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google 更新服务 (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 135664]
R3 gupdatem;Google 更新服务 (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 9216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft 网络检查;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-10-08 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-10-08 689416]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
S1 NdisLwf;PandaVPN Driver;c:\windows\system32\DRIVERS\ndislwf.sys [2011-07-24 34304]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-10-08 146448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 172032]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-10-08 283152]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Metfone 3G\AssistantServices.exe [2011-04-27 261456]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 152064]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
‘计划任务’ 文件夹 里的内容
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 16:29]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 16:29]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957738070-1683547623-2571408956-1000Core.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 03:09]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957738070-1683547623-2571408956-1000UA.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 03:09]
.
.
------- 而外的扫描 -------
.
uInternet Settings,ProxyOverride = *.local
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: 导出到 Microsoft Excel(&X) - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-kwmusic - c:\program files\KWMUSIC\Kwmusic.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-05-08 02:23:14
ComboFix-quarantined-files.txt 2012-05-07 18:23
.
Pre-Run: 10 个目录 68,848,336,896 可用字节
Post-Run: 15 个目录 69,549,023,232 可用字节
.
- - End Of File - - 3C976C066B50B0DDAAF73081923DF8EC

#4 gringo_pr

  • Malware Response Team

Posted 07 May 2012 - 02:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 problemcomputer2012

  • Topic Starter

Posted 07 May 2012 - 10:49 PM

Tdsskiller report:

10:51:06.0091 5704 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:51:06.0872 5704 ============================================================
10:51:06.0872 5704 Current date / time: 2012/05/08 10:51:06.0872
10:51:06.0872 5704 SystemInfo:
10:51:06.0872 5704
10:51:06.0872 5704 OS Version: 6.1.7600 ServicePack: 0.0
10:51:06.0872 5704 Product type: Workstation
10:51:06.0872 5704 ComputerName: TOSHIBA-PC
10:51:06.0882 5704 UserName: toshiba
10:51:06.0882 5704 Windows directory: C:\windows
10:51:06.0882 5704 System windows directory: C:\windows
10:51:06.0882 5704 Processor architecture: Intel x86
10:51:06.0882 5704 Number of processors: 2
10:51:06.0882 5704 Page size: 0x1000
10:51:06.0882 5704 Boot type: Normal boot
10:51:06.0882 5704 ============================================================
10:51:08.0257 5704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:51:08.0257 5704 ============================================================
10:51:08.0257 5704 \Device\Harddisk0\DR0:
10:51:08.0257 5704 MBR partitions:
10:51:08.0257 5704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1242D800
10:51:08.0288 5704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1271C800, BlocksNum 0x8CA0000
10:51:08.0304 5704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B3BD000, BlocksNum 0x955A000
10:51:08.0304 5704 ============================================================
10:51:08.0350 5704 C: <-> \Device\Harddisk0\DR0\Partition0
10:51:08.0380 5704 E: <-> \Device\Harddisk0\DR0\Partition1
10:51:08.0410 5704 F: <-> \Device\Harddisk0\DR0\Partition2
10:51:08.0410 5704 ============================================================
10:51:08.0410 5704 Initialize success
10:51:08.0410 5704 ============================================================
10:51:11.0120 5880 ============================================================
10:51:11.0120 5880 Scan started
10:51:11.0120 5880 Mode: Manual;
10:51:11.0120 5880 ============================================================
10:51:21.0398 5880 hcw85cir - ok
10:51:21.0458 5880 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
10:51:21.0458 5880 HdAudAddService - ok
10:51:21.0498 5880 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
10:51:21.0498 5880 HDAudBus - ok
10:51:21.0514 5880 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
10:51:21.0514 5880 HidBatt - ok
10:51:21.0561 5880 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
10:51:21.0561 5880 HidBth - ok
10:51:21.0592 5880 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
10:51:21.0592 5880 HidIr - ok
10:51:21.0639 5880 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
10:51:21.0639 5880 hidserv - ok
10:51:21.0704 5880 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
10:51:21.0704 5880 HidUsb - ok
10:51:21.0744 5880 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
10:51:21.0744 5880 hkmsvc - ok
10:51:21.0774 5880 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
10:51:21.0784 5880 HomeGroupListener - ok
10:51:21.0824 5880 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
10:51:21.0824 5880 HomeGroupProvider - ok
10:51:21.0874 5880 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
10:51:21.0884 5880 HpSAMD - ok
10:51:21.0964 5880 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
10:51:21.0974 5880 HTTP - ok
10:51:22.0004 5880 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
10:51:22.0004 5880 hwpolicy - ok
10:51:22.0054 5880 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
10:51:22.0054 5880 i8042prt - ok
10:51:22.0134 5880 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
10:51:22.0144 5880 iaStorV - ok
10:51:22.0294 5880 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:51:22.0304 5880 idsvc - ok
10:51:22.0374 5880 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
10:51:22.0384 5880 iirsp - ok
10:51:22.0504 5880 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
10:51:23.0274 5880 IKEEXT - ok
10:51:23.0314 5880 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
10:51:23.0314 5880 intelide - ok
10:51:23.0354 5880 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
10:51:23.0354 5880 intelppm - ok
10:51:23.0394 5880 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
10:51:23.0404 5880 IPBusEnum - ok
10:51:23.0434 5880 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:51:23.0444 5880 IpFilterDriver - ok
10:51:23.0544 5880 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\windows\System32\iphlpsvc.dll
10:51:23.0554 5880 iphlpsvc - ok
10:51:23.0574 5880 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
10:51:23.0574 5880 IPMIDRV - ok
10:51:23.0594 5880 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
10:51:23.0594 5880 IPNAT - ok
10:51:23.0761 5880 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
10:51:23.0792 5880 iPod Service - ok
10:51:23.0833 5880 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
10:51:23.0833 5880 IRENUM - ok
10:51:23.0853 5880 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
10:51:23.0853 5880 isapnp - ok
10:51:23.0893 5880 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
10:51:23.0903 5880 iScsiPrt - ok
10:51:23.0963 5880 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
10:51:23.0963 5880 kbdclass - ok
10:51:24.0013 5880 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
10:51:24.0013 5880 kbdhid - ok
10:51:24.0033 5880 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
10:51:24.0043 5880 KeyIso - ok
10:51:24.0073 5880 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
10:51:24.0073 5880 KSecDD - ok
10:51:24.0103 5880 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
10:51:24.0123 5880 KSecPkg - ok
10:51:24.0183 5880 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
10:51:24.0193 5880 KtmRm - ok
10:51:24.0253 5880 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\windows\system32\DRIVERS\L1C62x86.sys
10:51:24.0253 5880 L1C - ok
10:51:24.0343 5880 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\windows\System32\srvsvc.dll
10:51:24.0343 5880 LanmanServer - ok
10:51:24.0393 5880 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
10:51:24.0393 5880 LanmanWorkstation - ok
10:51:24.0463 5880 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
10:51:24.0463 5880 lltdio - ok
10:51:24.0503 5880 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
10:51:24.0513 5880 lltdsvc - ok
10:51:24.0533 5880 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
10:51:24.0533 5880 lmhosts - ok
10:51:24.0593 5880 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
10:51:24.0593 5880 LSI_FC - ok
10:51:24.0613 5880 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
10:51:24.0613 5880 LSI_SAS - ok
10:51:24.0633 5880 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
10:51:24.0633 5880 LSI_SAS2 - ok
10:51:24.0653 5880 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
10:51:24.0653 5880 LSI_SCSI - ok
10:51:24.0703 5880 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
10:51:24.0703 5880 luafv - ok
10:51:24.0763 5880 massfilter (79ec6c0033776f89dd5131241f0170e1) C:\windows\system32\drivers\massfilter.sys
10:51:24.0763 5880 massfilter - ok
10:51:24.0803 5880 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
10:51:24.0813 5880 megasas - ok
10:51:24.0843 5880 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
10:51:24.0853 5880 MegaSR - ok
10:51:24.0893 5880 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
10:51:24.0903 5880 MMCSS - ok
10:51:24.0913 5880 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
10:51:24.0923 5880 Modem - ok
10:51:24.0963 5880 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
10:51:24.0963 5880 monitor - ok
10:51:25.0003 5880 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
10:51:25.0003 5880 mouclass - ok
10:51:25.0033 5880 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
10:51:25.0043 5880 mouhid - ok
10:51:25.0063 5880 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
10:51:25.0063 5880 mountmgr - ok
10:51:25.0143 5880 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\windows\system32\DRIVERS\MpFilter.sys
10:51:25.0143 5880 MpFilter - ok
10:51:25.0193 5880 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
10:51:25.0193 5880 mpio - ok
10:51:25.0223 5880 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
10:51:25.0223 5880 mpsdrv - ok
10:51:25.0563 5880 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
10:51:25.0593 5880 MpsSvc - ok
10:51:25.0894 5880 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
10:51:25.0904 5880 MRxDAV - ok
10:51:26.0174 5880 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
10:51:26.0184 5880 mrxsmb - ok
10:51:26.0244 5880 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
10:51:26.0254 5880 mrxsmb10 - ok
10:51:26.0294 5880 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
10:51:26.0294 5880 mrxsmb20 - ok
10:51:26.0324 5880 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
10:51:26.0324 5880 msahci - ok
10:51:26.0354 5880 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
10:51:26.0354 5880 msdsm - ok
10:51:26.0384 5880 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
10:51:26.0394 5880 MSDTC - ok
10:51:26.0444 5880 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
10:51:26.0454 5880 Msfs - ok
10:51:26.0484 5880 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
10:51:26.0484 5880 mshidkmdf - ok
10:51:26.0504 5880 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
10:51:26.0504 5880 msisadrv - ok
10:51:26.0544 5880 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
10:51:26.0554 5880 MSiSCSI - ok
10:51:26.0554 5880 msiserver - ok
10:51:26.0614 5880 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
10:51:26.0614 5880 MSKSSRV - ok
10:51:26.0794 5880 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:51:26.0794 5880 MsMpSvc - ok
10:51:26.0844 5880 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
10:51:26.0854 5880 MSPCLOCK - ok
10:51:26.0874 5880 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
10:51:26.0874 5880 MSPQM - ok
10:51:26.0904 5880 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
10:51:26.0904 5880 MsRPC - ok
10:51:26.0934 5880 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
10:51:26.0934 5880 mssmbios - ok
10:51:26.0984 5880 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
10:51:26.0984 5880 MSTEE - ok
10:51:26.0994 5880 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
10:51:26.0994 5880 MTConfig - ok
10:51:27.0024 5880 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
10:51:27.0024 5880 Mup - ok
10:51:27.0074 5880 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
10:51:27.0084 5880 napagent - ok
10:51:27.0164 5880 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
10:51:27.0174 5880 NativeWifiP - ok
10:51:27.0284 5880 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
10:51:27.0304 5880 NDIS - ok
10:51:27.0344 5880 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
10:51:27.0354 5880 NdisCap - ok
10:51:27.0404 5880 NdisLwf (f71a53ae42438bfd119790f3e8b455a6) C:\windows\system32\DRIVERS\ndislwf.sys
10:51:27.0404 5880 NdisLwf - ok
10:51:27.0444 5880 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
10:51:27.0444 5880 NdisTapi - ok
10:51:27.0464 5880 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
10:51:27.0464 5880 Ndisuio - ok
10:51:27.0504 5880 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
10:51:27.0514 5880 NdisWan - ok
10:51:27.0534 5880 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
10:51:27.0534 5880 NDProxy - ok
10:51:27.0584 5880 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
10:51:27.0584 5880 NetBIOS - ok
10:51:27.0614 5880 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
10:51:27.0624 5880 NetBT - ok
10:51:27.0664 5880 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
10:51:27.0664 5880 Netlogon - ok
10:51:27.0744 5880 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
10:51:27.0754 5880 Netman - ok
10:51:27.0804 5880 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
10:51:27.0814 5880 netprofm - ok
10:51:27.0884 5880 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:51:27.0884 5880 NetTcpPortSharing - ok
10:51:27.0954 5880 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
10:51:27.0964 5880 nfrd960 - ok
10:51:28.0024 5880 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\windows\system32\DRIVERS\NisDrvWFP.sys
10:51:28.0034 5880 NisDrv - ok
10:51:28.0164 5880 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
10:51:28.0174 5880 NisSrv - ok
10:51:28.0224 5880 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
10:51:28.0234 5880 NlaSvc - ok
10:51:28.0254 5880 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
10:51:28.0254 5880 Npfs - ok
10:51:28.0284 5880 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
10:51:28.0294 5880 nsi - ok
10:51:28.0304 5880 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
10:51:28.0314 5880 nsiproxy - ok
10:51:28.0474 5880 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
10:51:28.0494 5880 Ntfs - ok
10:51:28.0524 5880 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
10:51:28.0524 5880 Null - ok
10:51:28.0554 5880 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
10:51:28.0564 5880 nvraid - ok
10:51:28.0604 5880 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
10:51:28.0614 5880 nvstor - ok
10:51:28.0644 5880 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
10:51:28.0644 5880 nv_agp - ok
10:51:28.0814 5880 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:51:28.0824 5880 odserv - ok
10:51:28.0864 5880 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
10:51:28.0864 5880 ohci1394 - ok
10:51:28.0924 5880 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:51:28.0924 5880 ose - ok
10:51:28.0984 5880 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
10:51:28.0994 5880 p2pimsvc - ok
10:51:29.0044 5880 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
10:51:29.0054 5880 p2psvc - ok
10:51:29.0084 5880 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
10:51:29.0094 5880 Parport - ok
10:51:29.0104 5880 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
10:51:29.0114 5880 partmgr - ok
10:51:29.0134 5880 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
10:51:29.0134 5880 Parvdm - ok
10:51:29.0174 5880 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
10:51:29.0184 5880 PcaSvc - ok
10:51:29.0214 5880 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
10:51:29.0214 5880 pci - ok
10:51:29.0254 5880 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
10:51:29.0254 5880 pciide - ok
10:51:29.0304 5880 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
10:51:29.0304 5880 pcmcia - ok
10:51:29.0334 5880 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
10:51:29.0334 5880 pcw - ok
10:51:29.0424 5880 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
10:51:29.0434 5880 PEAUTH - ok
10:51:29.0494 5880 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
10:51:29.0494 5880 PGEffect - ok
10:51:29.0674 5880 pla (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
10:51:29.0714 5880 pla - ok
10:51:29.0914 5880 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
10:51:29.0924 5880 PlugPlay - ok
10:51:29.0954 5880 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
10:51:29.0964 5880 PNRPAutoReg - ok
10:51:30.0004 5880 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
10:51:30.0014 5880 PNRPsvc - ok
10:51:30.0074 5880 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
10:51:30.0084 5880 PolicyAgent - ok
10:51:30.0124 5880 Power (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
10:51:30.0134 5880 Power - ok
10:51:30.0214 5880 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
10:51:30.0214 5880 PptpMiniport - ok
10:51:30.0244 5880 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
10:51:30.0254 5880 Processor - ok
10:51:30.0304 5880 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\windows\system32\profsvc.dll
10:51:30.0314 5880 ProfSvc - ok
10:51:30.0334 5880 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
10:51:30.0344 5880 ProtectedStorage - ok
10:51:30.0484 5880 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
10:51:30.0554 5880 Psched - ok
10:51:31.0714 5880 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
10:51:31.0794 5880 ql2300 - ok
10:51:32.0154 5880 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
10:51:32.0154 5880 ql40xx - ok
10:51:32.0244 5880 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
10:51:32.0254 5880 QWAVE - ok
10:51:32.0314 5880 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
10:51:32.0314 5880 QWAVEdrv - ok
10:51:32.0324 5880 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
10:51:32.0324 5880 RasAcd - ok
10:51:32.0384 5880 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
10:51:32.0384 5880 RasAgileVpn - ok
10:51:32.0424 5880 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
10:51:32.0434 5880 RasAuto - ok
10:51:32.0474 5880 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
10:51:32.0474 5880 Rasl2tp - ok
10:51:32.0554 5880 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
10:51:32.0564 5880 RasMan - ok
10:51:32.0614 5880 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
10:51:32.0624 5880 RasPppoe - ok
10:51:32.0664 5880 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
10:51:32.0664 5880 RasSstp - ok
10:51:32.0715 5880 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
10:51:32.0715 5880 rdbss - ok
10:51:32.0745 5880 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
10:51:32.0745 5880 rdpbus - ok
10:51:32.0775 5880 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
10:51:32.0775 5880 RDPCDD - ok
10:51:32.0815 5880 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
10:51:32.0815 5880 RDPENCDD - ok
10:51:32.0855 5880 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
10:51:32.0855 5880 RDPREFMP - ok
10:51:32.0895 5880 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\windows\system32\drivers\RDPWD.sys
10:51:32.0905 5880 RDPWD - ok
10:51:32.0965 5880 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
10:51:32.0965 5880 rdyboost - ok
10:51:33.0005 5880 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
10:51:33.0015 5880 RemoteAccess - ok
10:51:33.0065 5880 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
10:51:33.0075 5880 RemoteRegistry - ok
10:51:33.0125 5880 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
10:51:33.0135 5880 RpcEptMapper - ok
10:51:33.0165 5880 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
10:51:33.0175 5880 RpcLocator - ok
10:51:33.0235 5880 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
10:51:33.0245 5880 RpcSs - ok
10:51:33.0335 5880 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
10:51:33.0335 5880 rspndr - ok
10:51:33.0405 5880 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\windows\system32\Drivers\RtsUStor.sys
10:51:33.0415 5880 RSUSBSTOR - ok
10:51:33.0435 5880 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
10:51:33.0445 5880 SamSs - ok
10:51:33.0485 5880 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
10:51:33.0485 5880 sbp2port - ok
10:51:33.0535 5880 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
10:51:33.0545 5880 SCardSvr - ok
10:51:33.0555 5880 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
10:51:33.0555 5880 scfilter - ok
10:51:33.0665 5880 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
10:51:33.0705 5880 Schedule - ok
10:51:33.0745 5880 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
10:51:33.0745 5880 SCPolicySvc - ok
10:51:33.0815 5880 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
10:51:33.0825 5880 SDRSVC - ok
10:51:33.0865 5880 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
10:51:33.0865 5880 secdrv - ok
10:51:33.0905 5880 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
10:51:33.0905 5880 seclogon - ok
10:51:33.0935 5880 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
10:51:33.0935 5880 SENS - ok
10:51:33.0965 5880 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
10:51:33.0965 5880 SensrSvc - ok
10:51:33.0985 5880 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
10:51:33.0985 5880 Serenum - ok
10:51:34.0005 5880 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
10:51:34.0015 5880 Serial - ok
10:51:34.0015 5880 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
10:51:34.0015 5880 sermouse - ok
10:51:34.0055 5880 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
10:51:34.0055 5880 SessionEnv - ok
10:51:34.0225 5880 SfCtlCom (cdfdf26aa495c210112e227d453f5d87) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
10:51:34.0245 5880 SfCtlCom - ok
10:51:34.0275 5880 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
10:51:34.0275 5880 sffdisk - ok
10:51:34.0285 5880 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
10:51:34.0285 5880 sffp_mmc - ok
10:51:34.0305 5880 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
10:51:34.0305 5880 sffp_sd - ok
10:51:34.0315 5880 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
10:51:34.0315 5880 sfloppy - ok
10:51:34.0375 5880 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
10:51:34.0385 5880 SharedAccess - ok
10:51:34.0435 5880 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
10:51:34.0445 5880 ShellHWDetection - ok
10:51:34.0475 5880 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
10:51:34.0485 5880 sisagp - ok
10:51:34.0505 5880 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
10:51:34.0515 5880 SiSRaid2 - ok
10:51:34.0525 5880 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
10:51:34.0525 5880 SiSRaid4 - ok
10:51:34.0555 5880 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
10:51:34.0555 5880 Smb - ok
10:51:34.0625 5880 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
10:51:34.0635 5880 SNMPTRAP - ok
10:51:34.0655 5880 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
10:51:34.0665 5880 spldr - ok
10:51:34.0712 5880 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
10:51:34.0728 5880 Spooler - ok
10:51:35.0068 5880 sppsvc (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
10:51:35.0158 5880 sppsvc - ok
10:51:35.0388 5880 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
10:51:35.0388 5880 sppuinotify - ok
10:51:35.0478 5880 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
10:51:35.0488 5880 srv - ok
10:51:35.0538 5880 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
10:51:35.0538 5880 srv2 - ok
10:51:35.0588 5880 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
10:51:35.0598 5880 srvnet - ok
10:51:35.0638 5880 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
10:51:35.0648 5880 SSDPSRV - ok
10:51:35.0698 5880 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
10:51:35.0698 5880 SstpSvc - ok
10:51:35.0868 5880 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
10:51:35.0868 5880 stexstor - ok
10:51:35.0948 5880 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
10:51:35.0968 5880 StiSvc - ok
10:51:35.0988 5880 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
10:51:35.0998 5880 swenum - ok
10:51:36.0048 5880 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
10:51:36.0058 5880 swprv - ok
10:51:36.0138 5880 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
10:51:36.0138 5880 SynTP - ok
10:51:36.0278 5880 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
10:51:36.0308 5880 SysMain - ok
10:51:36.0328 5880 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
10:51:36.0338 5880 TabletInputService - ok
10:51:36.0438 5880 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\windows\system32\DRIVERS\taphss.sys
10:51:36.0438 5880 taphss - ok
10:51:36.0488 5880 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
10:51:36.0498 5880 TapiSrv - ok
10:51:36.0518 5880 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
10:51:36.0528 5880 TBS - ok
10:51:36.0698 5880 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
10:51:36.0728 5880 Tcpip - ok
10:51:36.0768 5880 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
10:51:36.0788 5880 TCPIP6 - ok
10:51:36.0838 5880 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
10:51:36.0838 5880 tcpipreg - ok
10:51:36.0888 5880 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
10:51:36.0888 5880 tdcmdpst - ok
10:51:36.0908 5880 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
10:51:36.0918 5880 TDPIPE - ok
10:51:36.0958 5880 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
10:51:36.0958 5880 TDTCP - ok
10:51:36.0978 5880 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
10:51:36.0978 5880 tdx - ok
10:51:44.0278 5880 ============================================================
10:51:44.0278 5880 Scan finished
10:51:44.0278 5880 ============================================================
10:51:44.0308 2012 Detected object count: 0
10:51:44.0308 2012 Actual detected object count: 0

aswMBR scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 10:54:14
-----------------------------
10:54:14.942 OS Version: Windows 6.1.7600
10:54:14.942 Number of processors: 2 586 0x603
10:54:14.942 ComputerName: TOSHIBA-PC UserName: toshiba
10:54:53.837 Initialize success
11:13:51.172 AVAST engine defs: 12050701
11:14:02.030 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:02.030 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ003M Size: 305245MB BusType: 11
11:14:02.077 Disk 0 MBR read successfully
11:14:02.077 Disk 0 MBR scan
11:14:02.124 Disk 0 Windows VISTA default MBR code
11:14:02.124 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:14:02.155 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149595 MB offset 3074048
11:14:02.170 Disk 0 Partition - 00 0F Extended LBA 148470 MB offset 309444608
11:14:02.202 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 5679 MB offset 613511168
11:14:02.248 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 72000 MB offset 309446656
11:14:02.264 Disk 0 Partition - 00 05 Extended 76469 MB offset 456902656
11:14:02.295 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 76468 MB offset 456904704
11:14:02.342 Disk 0 scanning sectors +625141760
11:14:02.436 Disk 0 scanning C:\windows\system32\drivers
11:14:14.108 Service scanning
11:14:59.863 Modules scanning
11:15:16.758 Disk 0 trace - called modules:
11:15:16.774
11:15:17.850 AVAST engine scan C:\windows
11:15:21.594 AVAST engine scan C:\windows\system32
11:18:32.817 AVAST engine scan C:\windows\system32\drivers
11:18:48.012 AVAST engine scan C:\Users\toshiba
11:47:00.564 AVAST engine scan C:\ProgramData
11:47:40.500 Scan finished successfully
11:48:06.864 Disk 0 MBR has been saved successfully to "C:\Users\toshiba\Desktop\MBR.dat"
11:48:06.879 The log file has been saved successfully to "C:\Users\toshiba\Desktop\aswMBR.txt"

#6 gringo_pr

Posted 08 May 2012 - 08:09 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\toshiba\AppData\Local\Conduit
c:\programdata\hsswpr
c:\program files\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 problemcomputer2012

Posted 08 May 2012 - 09:06 AM

Problem: I forgot to turn off the virus scan, so I needed to stop it the first time, turn off the virus scan and then run it again.

And my computer is still the same. Every time I open a folder, the computer will restart.

ComboFix report after running CFScript:

ComboFix 12-05-08.01 - toshiba 2/05/08 周二 21:51:56.2.2 - x86
Microsoft Windows 7 家庭普通版 6.1.7600.0.936.86.2052.18.1787.1273 [GMT 8:00]
执行位置: c:\users\toshiba\Desktop\ComboFix.exe
Command switches used :: c:\users\toshiba\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: 趋势科技网络安全专家 *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: 趋势科技个人防火墙 *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 趋势科技网络安全专家 *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_18be.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\TaskScheduler.exe
c:\program files\Ask.com\UpdateTask.exe
c:\programdata\hsswpr
c:\programdata\hsswpr\hssuninst.dat
c:\users\toshiba\AppData\Local\Conduit
c:\users\toshiba\AppData\Local\Conduit\CT3072253\uTorrentControl2AutoUpdateHelper.exe
.
.
((((((((((((((((((((((((( 2012-04-08 至 2012-05-08 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-05-08 14:00 . 2012-05-08 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 12:15 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C008FED-354B-4163-8A04-ECA80A92BEDA}\mpengine.dll
2012-05-07 05:09 . 2012-05-07 05:10 -------- d-----w- c:\programdata\SweetIM
2012-05-07 05:09 . 2012-05-07 05:10 -------- d-----w- c:\program files\SweetIM
2012-05-07 05:09 . 2012-05-07 05:09 -------- d-----w- c:\programdata\Premium
2012-05-07 05:06 . 2012-05-07 05:09 -------- d-----w- c:\programdata\ADDICT-THING
2012-05-07 05:05 . 2012-05-07 05:09 -------- d-----w- c:\programdata\InstallMate
2012-05-07 05:00 . 2012-05-07 05:00 -------- d-----w- c:\program files\Conduit
2012-05-07 05:00 . 2012-05-07 05:00 -------- d-----w- c:\users\toshiba\AppData\Local\CRE
2012-05-07 04:58 . 2012-05-07 04:58 -------- d-----w- c:\program files\uTorrent
2012-05-07 04:57 . 2012-05-07 06:52 -------- d-----w- c:\users\toshiba\AppData\Roaming\uTorrent
2012-05-06 16:00 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-13 15:41 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 15:41 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 15:41 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 15:41 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 15:41 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 15:41 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 07:54 . 2012-04-13 07:54 -------- d-----w- C:\UserData
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2012-04-13 07:11 . 2011-03-26 02:37 126976 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-04-13 07:11 . 2011-03-26 02:37 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-04-13 07:11 . 2011-03-26 02:37 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-04-13 07:11 . 2012-04-13 07:11 -------- d-----w- c:\windows\system32\SupportAppCB
2012-04-13 07:11 . 2012-04-13 07:15 -------- d-----w- c:\program files\Metfone 3G
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 12:44 . 2012-03-20 12:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 12:44 . 2012-03-20 12:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-11 01:49 . 2012-03-11 01:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-11 01:49 . 2012-03-11 01:49 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-11 01:49 . 2012-03-11 01:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-11 01:49 . 2012-03-11 01:49 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-11 01:49 . 2012-03-11 01:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-11 01:49 . 2012-03-11 01:49 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-11 01:49 . 2012-03-11 01:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-11 01:49 . 2012-03-11 01:49 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-11 01:49 . 2012-03-11 01:49 367104 ----a-w- c:\windows\system32\html.iec
2012-03-11 01:49 . 2012-03-11 01:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-11 01:49 . 2012-03-11 01:49 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-11 01:49 . 2012-03-11 01:49 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-11 01:49 . 2012-03-11 01:49 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-11 01:49 . 2012-03-11 01:49 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-11 01:49 . 2012-03-11 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-11 01:49 . 2012-03-11 01:49 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-11 01:49 . 2012-03-11 01:49 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-14 11:17 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 11:17 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 11:17 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 19:53 . 2012-02-10 19:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEAC0909-2175-446C-B64C-5EBB4DECF432}\gapaengine.dll
2012-02-10 05:41 . 2012-03-14 11:24 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 11:24 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 11:24 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 11:24 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 11:24 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2007-07-17 07:59 1379352 ----a-w- c:\program files\Wisdom-soft\tbWisd.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{967DE405-450A-B340-5027-4D27C7B9B9C7}]
2011-01-25 08:53 1184176 ----a-w- c:\program files\Baidu\{967DE405-450A-B340-5027-4D27C7B9B9C7}\AddressBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0B687E7-08D9-457C-8B9E-B1C1B9685215}]
2012-05-03 11:07 140800 ----a-w- c:\programdata\ADDICT-THING\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 06:46 1337648 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-24 39408]
"QQMusic"="c:\program files\Tencent\QQMusic\QQMusic.exe" [2011-08-27 411000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-19 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-08 1028488]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"UIExec"="c:\program files\Metfone 3G\UIExec.exe" [2011-04-27 139088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google 更新服务 (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 135664]
R3 gupdatem;Google 更新服务 (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 9216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft 网络检查;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-10-08 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-10-08 689416]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
S1 NdisLwf;PandaVPN Driver;c:\windows\system32\DRIVERS\ndislwf.sys [2011-07-24 34304]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-10-08 146448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 172032]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-10-08 283152]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Metfone 3G\AssistantServices.exe [2011-04-27 261456]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 152064]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
‘计划任务’ 文件夹 里的内容
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 16:29]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-24 16:29]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957738070-1683547623-2571408956-1000Core.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 03:09]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957738070-1683547623-2571408956-1000UA.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 03:09]
.
.
------- 而外的扫描 -------
.
uInternet Settings,ProxyOverride = *.local
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: 导出到 Microsoft Excel(&X) - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-05-08 22:02:20
ComboFix-quarantined-files.txt 2012-05-08 14:02
ComboFix2.txt 2012-05-07 18:23
.
Pre-Run: 14 个目录 68,759,035,904 可用字节
Post-Run: 15 个目录 68,816,257,024 可用字节
.
- - End Of File - - 40E52D8BA005D54A06A335E8DEC5FB1B

#8 gringo_pr

Posted 08 May 2012 - 09:49 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 problemcomputer2012

Posted 08 May 2012 - 10:29 AM

OTL Results:


OTL logfile created on: 2012/5/8 23:06:21 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\toshiba\Desktop
Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d

1.75 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 46.04% Memory free
3.49 Gb Paging File | 2.51 Gb Available in Paging File | 71.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.09 Gb Total Space | 64.11 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
Drive E: | 70.31 Gb Total Space | 70.22 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive F: | 74.68 Gb Total Space | 14.77 Gb Free Space | 19.78% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-PC | User Name: toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\toshiba\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Tencent\QQMusic\QQMusic.exe (Tencent)
PRC - C:\Program Files\Metfone 3G\AssistantServices.exe ()
PRC - C:\Program Files\Metfone 3G\UIExec.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Metfone 3G\UIExec.exe ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3726.17684__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3726.17545__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3726.17557__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3726.17680__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3726.17598__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3726.17571__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3726.17621__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3726.17649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3726.17598__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3726.17604__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3726.17628__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3726.17556__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3726.17607__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3726.17651__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3726.17612__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3726.17596__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3726.17649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3726.17604__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3726.17684__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3726.17597__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3726.17606__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3726.17575__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3726.17596__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3726.17597__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3726.17575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3726.17605__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3726.17539__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3726.17535__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3726.17540__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3726.17649__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3726.17657__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3726.17545__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3726.17540__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3726.17537__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3726.17534__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3726.17628__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3726.17587__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3726.17612__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3726.17556__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3726.17533__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3726.17556__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3726.17644__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3726.17623__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3726.17557__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3726.17603__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3726.17544__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3726.17555__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3726.17535__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3726.17651__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3726.17544__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3726.17538__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3726.17539__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3726.17644__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3726.17642__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3726.17567__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3726.17596__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3726.17657__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3726.17539__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3726.17607__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3726.17537__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3726.17567__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3726.17538__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3726.17535__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3726.17543__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3726.17540__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3726.17541__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3726.17551__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3726.17543__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3726.17542__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3726.17544__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3726.17539__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3726.17541__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3726.17644__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3726.17569__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Tencent\QQMusic\msdmo.dll ()
MOD - C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (UI Assistant Service) -- C:\Program Files\Metfone 3G\AssistantServices.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\toshiba\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (NdisLwf) -- C:\Windows\System32\drivers\ndislwf.sys (Windows ® Win 7 DDK provider)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\ZTEusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV - (tmactmon) -- C:\windows\System32\DRIVERS\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\windows\System32\DRIVERS\tmevtmgr.sys ()
DRV - (tmcomm) -- C:\windows\System32\DRIVERS\tmcomm.sys ()
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://cn.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 54 37 68 25 2C CD 01 [binary data]
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\URLSearchHook: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UJ&apn_dtid=YYYYYYYYCN&apn_uid=F52ABECF-3F94-40C3-8773-21BC9C15CD4F&apn_sauid=6484E157-FECB-44F1-9CB2-1F0266CFE699
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=82068094_3_cb
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://cn.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\toshiba\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\toshiba\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/05/07 13:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions
[2012/05/07 13:00:22 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\toshiba\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\toshiba\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\toshiba\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QQMusic (Enabled) = C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ADDICT-THING = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hodadndnipkogjdaedlljeifginfffbi\1.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: uTorrentControl2 = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
CHR - Extension: Gmail = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ADDICT-THING = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hodadndnipkogjdaedlljeifginfffbi\1.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: uTorrentControl2 = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
CHR - Extension: Gmail = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/08 22:00:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O2 - BHO: (967DE405-450A-B340-5027-4D27C7B9B9C7 Class) - {967DE405-450A-B340-5027-4D27C7B9B9C7} - C:\Program Files\Baidu\{967DE405-450A-B340-5027-4D27C7B9B9C7}\AddressBar.dll ()
O2 - BHO: (ADDICT-THING Class) - {D0B687E7-08D9-457C-8B9E-B1C1B9685215} - C:\ProgramData\ADDICT-THING\bhoclass.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation。)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation。)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\Toolbar\WebBrowser: (Wisdom-soft toolbar) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Metfone 3G\UIExec.exe ()
O4 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000..\Run: [QQMusic] C:\Program Files\Tencent\QQMusic\QQMusic.exe (Tencent)
O4 - Startup: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{701A7266-0C6B-4491-96D9-E9BAEAD80F23}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 23:04:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2012/05/08 22:02:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/08 22:02:22 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/08 10:46:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\toshiba\Desktop\aswMBR.exe
[2012/05/08 10:46:07 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\toshiba\Desktop\tdsskiller.exe
[2012/05/08 02:08:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/08 02:08:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/08 02:08:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/08 02:08:49 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/08 02:08:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 02:07:14 | 004,487,855 | R--- | C] (Swearware) -- C:\Users\toshiba\Desktop\ComboFix.exe
[2012/05/07 13:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012/05/07 13:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012/05/07 13:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/05/07 13:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ADDICT-THING
[2012/05/07 13:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/05/07 13:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/05/07 13:00:24 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Local\CRE
[2012/05/07 13:00:20 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\Mozilla
[2012/05/07 12:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl2
[2012/05/07 12:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/05/07 12:57:32 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\uTorrent
[2012/04/13 23:49:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/04/13 23:49:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/04/13 23:49:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/04/13 23:49:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/04/13 23:49:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/04/13 23:49:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/04/13 23:41:15 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/04/13 23:41:13 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/04/13 15:54:25 | 000,000,000 | ---D | C] -- C:\UserData
[2012/04/13 15:11:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbvoice.sys
[2012/04/13 15:11:57 | 000,126,976 | ---- | C] (ZTE Corporation) -- C:\windows\System32\drivers\ZTEusbnet.sys
[2012/04/13 15:11:57 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbser6k.sys
[2012/04/13 15:11:57 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmeaext2.sys
[2012/04/13 15:11:57 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmeaext.sys
[2012/04/13 15:11:57 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmea.sys
[2012/04/13 15:11:56 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbmdm6k.sys
[2012/04/13 15:11:56 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\windows\System32\drivers\massfilter.sys
[2012/04/13 15:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metfone 3G
[2012/04/13 15:11:21 | 000,000,000 | ---D | C] -- C:\windows\System32\SupportAppCB
[2012/04/13 15:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Metfone 3G

========== Files - Modified Within 30 Days ==========

[2012/05/08 23:09:05 | 000,014,320 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 23:09:05 | 000,014,320 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 23:04:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2012/05/08 23:04:01 | 000,000,570 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1957738070-1683547623-2571408956-1000UA.job
[2012/05/08 23:01:30 | 000,000,538 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 23:01:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/08 23:01:05 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 22:00:36 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/05/08 21:50:05 | 004,487,855 | R--- | M] (Swearware) -- C:\Users\toshiba\Desktop\ComboFix.exe
[2012/05/08 21:46:06 | 000,000,542 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 11:48:06 | 000,000,512 | ---- | M] () -- C:\Users\toshiba\Desktop\MBR.dat
[2012/05/08 10:47:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\toshiba\Desktop\aswMBR.exe
[2012/05/08 10:47:01 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\toshiba\Desktop\tdsskiller.exe
[2012/05/07 20:32:58 | 000,000,893 | ---- | M] () -- C:\Users\toshiba\Desktop\Resume Spyware Doctor with AntiVirus.lnk
[2012/05/07 18:04:06 | 000,000,518 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1957738070-1683547623-2571408956-1000Core.job
[2012/05/07 15:37:54 | 000,000,000 | ---- | M] () -- C:\Users\toshiba\defogger_reenable
[2012/05/07 13:09:20 | 000,000,251 | ---- | M] () -- C:\Users\toshiba\Desktop\SweetPcFix.url
[2012/05/07 12:58:57 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/07 12:54:00 | 000,000,019 | ---- | M] () -- C:\windows\System32\mylk.dat
[2012/05/07 12:53:17 | 000,003,682 | ---- | M] () -- C:\Users\toshiba\funshion.ini
[2012/05/07 12:16:56 | 000,000,911 | ---- | M] () -- C:\Users\toshiba\AppData\Roaming\coreavc.ini
[2012/05/07 00:01:03 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/05/07 00:00:32 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/07 00:00:32 | 000,363,868 | ---- | M] () -- C:\windows\System32\prfh0804.dat
[2012/05/07 00:00:32 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/07 00:00:32 | 000,105,248 | ---- | M] () -- C:\windows\System32\prfc0804.dat
[2012/04/13 18:56:47 | 000,462,264 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/04/13 15:47:39 | 000,294,450 | ---- | M] () -- C:\Users\toshiba\Documents\indian visa round 3.pdf
[2012/04/13 15:11:45 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Metfone 3G.lnk
[2012/04/11 13:10:57 | 000,246,566 | ---- | M] () -- C:\Users\toshiba\Documents\indian visa application round 2.pdf
[2012/04/09 17:13:25 | 000,246,453 | ---- | M] () -- C:\Users\toshiba\Documents\indianvisaonline.gov.in_visa_pdf_KHMP00094012MI871203.pdf
[2012/04/09 17:00:17 | 000,294,329 | ---- | M] () -- C:\Users\toshiba\Documents\indian visa application.pdf

========== Files Created - No Company Name ==========

[2012/05/08 11:48:06 | 000,000,512 | ---- | C] () -- C:\Users\toshiba\Desktop\MBR.dat
[2012/05/08 02:08:59 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/08 02:08:59 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/08 02:08:59 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/08 02:08:59 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/08 02:08:59 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/07 20:32:58 | 000,000,893 | ---- | C] () -- C:\Users\toshiba\Desktop\Resume Spyware Doctor with AntiVirus.lnk
[2012/05/07 15:37:54 | 000,000,000 | ---- | C] () -- C:\Users\toshiba\defogger_reenable
[2012/05/07 13:09:20 | 000,000,251 | ---- | C] () -- C:\Users\toshiba\Desktop\SweetPcFix.url
[2012/05/07 12:58:57 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/07 12:54:00 | 000,000,019 | ---- | C] () -- C:\windows\System32\mylk.dat
[2012/05/07 00:00:50 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/13 15:54:25 | 000,000,614 | ---- | C] () -- C:\NetworkCfg.xml
[2012/04/13 15:47:51 | 000,294,450 | ---- | C] () -- C:\Users\toshiba\Documents\indian visa round 3.pdf
[2012/04/13 15:11:45 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Metfone 3G.lnk
[2012/04/11 13:10:56 | 000,246,566 | ---- | C] () -- C:\Users\toshiba\Documents\indian visa application round 2.pdf
[2012/04/09 17:13:25 | 000,246,453 | ---- | C] () -- C:\Users\toshiba\Documents\indianvisaonline.gov.in_visa_pdf_KHMP00094012MI871203.pdf
[2012/04/09 17:00:56 | 000,294,329 | ---- | C] () -- C:\Users\toshiba\Documents\indian visa application.pdf
[2012/02/07 18:28:31 | 000,007,680 | ---- | C] () -- C:\Users\toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 21:52:46 | 000,000,911 | ---- | C] () -- C:\Users\toshiba\AppData\Roaming\coreavc.ini
[2011/11/14 09:35:28 | 000,001,108 | ---- | C] () -- C:\windows\System32\funshion.ini
[2011/10/18 20:51:52 | 000,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
[2011/01/09 19:45:31 | 000,018,760 | ---- | C] () -- C:\windows\System32\QQVistaHelper.dll
[2010/09/22 22:00:19 | 000,163,408 | ---- | C] () -- C:\windows\System32\drivers\tmcomm.sys
[2010/09/22 22:00:19 | 000,059,472 | ---- | C] () -- C:\windows\System32\drivers\tmactmon.sys
[2010/09/22 22:00:19 | 000,051,792 | ---- | C] () -- C:\windows\System32\drivers\tmevtmgr.sys
[2010/05/24 21:58:07 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/05/24 21:48:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/05/24 21:45:32 | 000,201,875 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/05/24 21:45:32 | 000,001,105 | ---- | C] () -- C:\windows\System32\atipblag.dat

< End of report >

#10 gringo_pr


Posted 08 May 2012 - 12:13 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\URLSearchHook: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UJ&apn_dtid=YYYYYYYYCN&apn_uid=F52ABECF-3F94-40C3-8773-21BC9C15CD4F&apn_sauid=6484E157-FECB-44F1-9CB2-1F0266CFE699
    [2012/05/07 13:00:22 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1957738070-1683547623-2571408956-1000\..\Toolbar\WebBrowser: (Wisdom-soft toolbar) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
    [2012/05/07 13:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#11 problemcomputer2012


Posted 08 May 2012 - 09:48 PM

After running the script, there are still no changes. If I open a folder, it still restarts the computer.

OTL results after running script:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files\uTorrentControl2\prxtbuTor.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}\ deleted successfully.
C:\Program Files\Wisdom-soft\tbWisd.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}\ not found.
File C:\Program Files\Wisdom-soft\tbWisd.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}\ not found.
File soft\tbWisd.dll not found.
Registry value HKEY_USERS\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1957738070-1683547623-2571408956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}\ not found.
File soft\tbWisd.dll not found.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP 配置
已成功刷新 DNS 解析缓存。
C:\Users\toshiba\Desktop\cmd.bat deleted successfully.
C:\Users\toshiba\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: toshiba
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: toshiba
->Flash cache emptied: 147660 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.3 log created on 05092012_104452

#12 gringo_pr



  • Malware Response Team

Posted 08 May 2012 - 09:59 PM

Greetings


Have you tried to do a system restore to before this happened?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 problemcomputer2012

  • Topic Starter


Posted 08 May 2012 - 10:22 PM

No. Sorry, I'm not really that good with computers. How do I do a system restore?

#14 gringo_pr



  • Malware Response Team

Posted 08 May 2012 - 10:34 PM

Hello


here you go - http://windows.microsoft.com/en-us/windows7/products/features/system-restore?SignedIn=1


pick a date before this happened


gringo

#15 problemcomputer2012

  • Topic Starter


Posted 09 May 2012 - 07:15 AM

I can't do a system restore. If I try to start, the computer restarts, just like it does if I try to open a folder. Is there anything else I can do?



