Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot Get Rid of AdServing Pop Up Ads


  • This topic is locked This topic is locked
28 replies to this topic

#1 Beth4638

Beth4638

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 19 May 2012 - 05:48 PM

I'm using a PC with Windows 7, my browser is internet explorer, my antivirus program is Norton 360. For the past couple of days an AdServing pop up window has been appearing in the bottom corner of my screen and I can't get rid of it. I've run a few different antivirus tools and they haven't worked. My computer knowledge is almost nonexistent so I've run out of ideas to fix it. I would really appreciate some help!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Beth at 17:35:02 on 2012-05-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3724 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1850848S05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\system32\RunDll32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: Interfaces\{FF6CC321-80A7-4A1F-BA7A-B0A9842EEE68} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FF6CC321-80A7-4A1F-BA7A-B0A9842EEE68}\2456C6B696E6E233548334 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-8 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120518.001\IDSviA64.sys [2012-5-18 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe [2012-4-21 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-1-31 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-1-31 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-21 138360]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-1-31 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 257696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-19 22:14:09 -------- d-----w- C:\Users\Beth\AppData\Roaming\Malwarebytes
2012-05-19 22:14:04 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-05-19 22:14:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-19 22:14:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-19 15:49:19 -------- d-----w- C:\ProgramData\Sophos
2012-05-19 15:46:59 73728 ----a-r- C:\Users\Beth\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-19 15:46:59 73728 ----a-r- C:\Users\Beth\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-19 15:46:59 73728 ----a-r- C:\Users\Beth\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-19 15:46:56 -------- d-----w- C:\Program Files (x86)\Sophos
2012-05-12 01:19:44 -------- d-----w- C:\Users\Beth\AppData\Local\{12C58987-F75D-46ED-850E-99F213285077}
2012-05-12 01:19:33 -------- d-----w- C:\Users\Beth\AppData\Local\{DB6DE0BC-4DF9-4C02-AF5B-49A5C2EF0E85}
2012-05-10 23:46:44 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 23:46:43 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:46:43 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 23:46:43 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 23:46:43 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:46:17 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-10 23:46:17 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-10 23:45:58 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-10 23:45:58 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-10 23:45:57 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:45:57 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-10 23:42:24 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-10 23:32:58 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-10 02:02:52 -------- d-----w- C:\windows\Hewlett-Packard
2012-05-10 01:42:49 -------- d-----w- C:\Users\Beth\AppData\Local\{1125DE47-486C-48ED-B42A-DACF05E5B755}
2012-05-10 01:33:06 -------- d-----w- C:\Users\Beth\AppData\Local\{1F7AE705-6111-45B9-939D-BEDC45A0C5B9}
2012-05-09 14:08:09 -------- d-----w- C:\Users\Beth\AppData\Local\{96D49090-B8D7-45F3-B006-91D96D461A47}
2012-05-09 14:07:48 -------- d-----w- C:\Users\Beth\AppData\Local\{02F17648-8BFA-4A32-A112-582A3C978C39}
2012-05-09 14:06:36 -------- d-----w- C:\Users\Beth\AppData\Local\{0401EA8A-B44A-4F29-BEA6-D84C0DF20271}
2012-05-09 14:06:19 -------- d-----w- C:\Users\Beth\AppData\Local\{96457A1E-A7A7-42C0-B5E5-217D1EE4072F}
2012-05-09 14:06:09 -------- d-----w- C:\Users\Beth\AppData\Local\{AF184CA4-4315-41A4-8E53-97445F228502}
2012-05-03 14:59:34 -------- d-----w- C:\Users\Beth\AppData\Local\Tific
2012-04-28 13:52:28 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 13:01:06 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-25 16:26:09 -------- d-----w- C:\Users\Beth\AppData\Local\{1A41C58D-5656-4E86-91F5-B9BDE1303569}
2012-04-25 16:18:53 -------- d-----w- C:\Users\Beth\AppData\Local\{B34DE642-66AD-45DB-B6BA-53A1D4DF24BF}
2012-04-25 15:57:18 -------- d-----w- C:\Users\Beth\AppData\Local\{6278787F-448E-44E3-9CE3-03ECCBA4D472}
2012-04-25 15:51:18 -------- d-----w- C:\Users\Beth\AppData\Local\{6E6A15B2-00A0-494E-A27F-EA1766B22589}
2012-04-25 15:51:06 -------- d-----w- C:\Users\Beth\AppData\Local\{60F5E8CD-4636-4F80-9114-69B8A98D9611}
2012-04-25 15:50:17 -------- d-----w- C:\Users\Beth\AppData\Local\{A2D1ECEB-975A-42B7-B9DF-B31ADAE8AF8C}
2012-04-25 15:50:17 -------- d-----w- C:\Users\Beth\AppData\Local\{83BA00B9-8D8B-454B-9D62-BF4C80B8C548}
2012-04-23 01:25:48 43640 ----a-r- C:\windows\System32\drivers\SymIMV.sys
2012-04-22 02:56:05 912504 ----a-r- C:\windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-04-22 02:56:05 450680 ----a-r- C:\windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-04-22 02:56:05 386168 ----a-w- C:\windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-04-22 02:56:04 744568 ----a-r- C:\windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-04-22 02:56:04 40568 ----a-r- C:\windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-04-22 02:56:04 171128 ----a-r- C:\windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-04-22 02:55:49 -------- d-----w- C:\windows\System32\drivers\N360x64\0502010.003
2012-04-21 17:34:20 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-04-21 17:34:18 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-21 17:34:18 -------- d-----w- C:\Program Files\Symantec
2012-04-21 17:34:18 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-04-21 17:33:35 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-04-21 17:33:33 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-04-20 14:48:17 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F0BF446-5588-47AD-8E61-C98C1ACD0E8E}\mpengine.dll
.
==================== Find3M ====================
.
2012-05-05 14:51:44 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 17:35:32.74 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 19 May 2012 - 08:04 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 20 May 2012 - 08:28 AM

From Checkup.txt document:


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
Sophos Virus Removal Tool
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 25
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

Combofix Log:



ComboFix 12-05-20.04 - Beth 05/20/2012 7:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4455 [GMT -5:00]
Running from: c:\users\Beth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRH3KCA\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Beth\AppData\Local\Temp\{F6A1C052-1BAE-4C65-8551-A8F4CE7BE109}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 12:43 . 2012-05-20 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 22:14 . 2012-05-19 22:14 -------- d-----w- c:\users\Beth\AppData\Roaming\Malwarebytes
2012-05-19 22:14 . 2012-05-20 12:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-19 22:14 . 2012-05-19 22:14 -------- d-----w- c:\programdata\Malwarebytes
2012-05-19 15:49 . 2012-05-19 15:49 -------- d-----w- c:\programdata\Sophos
2012-05-19 15:46 . 2012-05-19 15:46 73728 ----a-r- c:\users\Beth\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-19 15:46 . 2012-05-19 15:46 73728 ----a-r- c:\users\Beth\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-19 15:46 . 2012-05-19 15:46 73728 ----a-r- c:\users\Beth\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-19 15:46 . 2012-05-19 15:46 -------- d-----w- c:\program files (x86)\Sophos
2012-05-12 11:55 . 2012-05-12 11:55 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-12 11:55 . 2012-05-12 11:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 23:46 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 23:46 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 23:46 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:46 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 23:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:46 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 23:46 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 23:45 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 23:45 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 23:45 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:45 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 23:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 23:32 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 02:02 . 2012-05-10 02:02 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-03 14:59 . 2012-05-05 14:36 -------- d-----w- c:\users\Beth\AppData\Local\Tific
2012-04-28 13:52 . 2012-05-05 14:51 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 13:01 . 2012-05-05 14:51 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 13:01 . 2012-04-28 13:01 -------- d-----w- c:\windows\system32\Macromed
2012-04-23 01:25 . 2011-03-31 03:04 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-21 17:34 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-21 17:34 . 2012-04-21 17:34 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-21 17:34 . 2012-04-21 17:34 -------- d-----w- c:\program files\Symantec
2012-04-21 17:34 . 2012-04-21 17:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-21 17:33 . 2012-04-22 03:37 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-04-21 17:33 . 2012-04-21 17:33 -------- d-----w- c:\program files (x86)\Norton 360
2012-04-20 14:48 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F0BF446-5588-47AD-8E61-C98C1ACD0E8E}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:51 . 2011-11-03 06:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46 . 2012-04-13 12:52 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 12:52 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 12:52 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 12:52 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 12:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 12:52 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 12:52 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 12:53 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 12:53 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 12:53 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 12:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 12:53 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 12:53 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 12:53 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 12:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-31 39408]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-13 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120518.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-05-05 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-21 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 14:51]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 16:41]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 16:41]
.
2012-05-19 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"(Default)"="" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-20 07:47:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 12:47
ComboFix2.txt 2012-05-20 12:07
.
Pre-Run: 247,613,231,104 bytes free
Post-Run: 247,180,808,192 bytes free
.
- - End Of File - - 09689451EA121D026054069BAF381073

#4 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 20 May 2012 - 08:30 AM

I'm still getting the AdServing pop up on almost every website I visit.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 20 May 2012 - 12:30 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 20 May 2012 - 07:27 PM

TDSS Killer Report:


19:25:11.0845 5236 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
19:25:13.0124 5236 ============================================================
19:25:13.0124 5236 Current date / time: 2012/05/20 19:25:13.0124
19:25:13.0124 5236 SystemInfo:
19:25:13.0124 5236
19:25:13.0124 5236 OS Version: 6.1.7601 ServicePack: 1.0
19:25:13.0124 5236 Product type: Workstation
19:25:13.0124 5236 ComputerName: BETH-PC
19:25:13.0124 5236 UserName: Beth
19:25:13.0124 5236 Windows directory: C:\windows
19:25:13.0124 5236 System windows directory: C:\windows
19:25:13.0124 5236 Running under WOW64
19:25:13.0124 5236 Processor architecture: Intel x64
19:25:13.0124 5236 Number of processors: 4
19:25:13.0124 5236 Page size: 0x1000
19:25:13.0124 5236 Boot type: Normal boot
19:25:13.0124 5236 ============================================================
19:25:13.0826 5236 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:25:13.0842 5236 ============================================================
19:25:13.0842 5236 \Device\Harddisk0\DR0:
19:25:13.0842 5236 MBR partitions:
19:25:13.0842 5236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x233E7000
19:25:13.0842 5236 ============================================================
19:25:13.0857 5236 C: <-> \Device\Harddisk0\DR0\Partition0
19:25:13.0857 5236 ============================================================
19:25:13.0857 5236 Initialize success
19:25:13.0857 5236 ============================================================
19:25:23.0436 5228 ============================================================
19:25:23.0436 5228 Scan started
19:25:23.0436 5228 Mode: Manual;
19:25:23.0436 5228 ============================================================
19:25:25.0464 5228 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:25:25.0479 5228 1394ohci - ok
19:25:25.0557 5228 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:25:25.0573 5228 ACPI - ok
19:25:25.0604 5228 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:25:25.0604 5228 AcpiPmi - ok
19:25:26.0119 5228 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:25:26.0119 5228 AdobeFlashPlayerUpdateSvc - ok
19:25:26.0213 5228 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
19:25:26.0213 5228 adp94xx - ok
19:25:26.0369 5228 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
19:25:26.0415 5228 adpahci - ok
19:25:26.0509 5228 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
19:25:26.0509 5228 adpu320 - ok
19:25:26.0540 5228 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
19:25:26.0556 5228 AeLookupSvc - ok
19:25:26.0649 5228 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
19:25:26.0681 5228 AFD - ok
19:25:26.0759 5228 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:25:26.0759 5228 agp440 - ok
19:25:26.0805 5228 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
19:25:26.0837 5228 ALG - ok
19:25:26.0883 5228 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:25:26.0883 5228 aliide - ok
19:25:26.0915 5228 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:25:26.0915 5228 amdide - ok
19:25:26.0977 5228 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
19:25:26.0977 5228 AmdK8 - ok
19:25:27.0008 5228 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
19:25:27.0008 5228 AmdPPM - ok
19:25:27.0071 5228 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:25:27.0071 5228 amdsata - ok
19:25:27.0102 5228 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
19:25:27.0133 5228 amdsbs - ok
19:25:27.0149 5228 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:25:27.0164 5228 amdxata - ok
19:25:27.0227 5228 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:25:27.0227 5228 AppID - ok
19:25:27.0273 5228 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
19:25:27.0305 5228 AppIDSvc - ok
19:25:27.0383 5228 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
19:25:27.0383 5228 Appinfo - ok
19:25:27.0819 5228 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:25:27.0866 5228 Apple Mobile Device - ok
19:25:27.0913 5228 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
19:25:27.0913 5228 arc - ok
19:25:27.0944 5228 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
19:25:27.0944 5228 arcsas - ok
19:25:27.0991 5228 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:25:27.0991 5228 AsyncMac - ok
19:25:28.0038 5228 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:25:28.0038 5228 atapi - ok
19:25:28.0147 5228 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:25:28.0178 5228 AudioEndpointBuilder - ok
19:25:28.0178 5228 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:25:28.0178 5228 AudioSrv - ok
19:25:28.0241 5228 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
19:25:28.0272 5228 AxInstSV - ok
19:25:28.0381 5228 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
19:25:28.0412 5228 b06bdrv - ok
19:25:28.0521 5228 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:25:28.0537 5228 b57nd60a - ok
19:25:28.0615 5228 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
19:25:28.0646 5228 BDESVC - ok
19:25:28.0677 5228 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:25:28.0677 5228 Beep - ok
19:25:28.0818 5228 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
19:25:28.0833 5228 BFE - ok
19:25:29.0255 5228 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
19:25:29.0301 5228 BHDrvx64 - ok
19:25:29.0613 5228 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
19:25:29.0738 5228 BITS - ok
19:25:29.0863 5228 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:25:29.0863 5228 blbdrive - ok
19:25:30.0144 5228 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:25:30.0159 5228 Bonjour Service - ok
19:25:30.0237 5228 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:25:30.0237 5228 bowser - ok
19:25:30.0315 5228 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
19:25:30.0315 5228 BrFiltLo - ok
19:25:30.0331 5228 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
19:25:30.0331 5228 BrFiltUp - ok
19:25:30.0425 5228 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
19:25:30.0425 5228 Browser - ok
19:25:30.0487 5228 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:25:30.0487 5228 Brserid - ok
19:25:30.0534 5228 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:25:30.0534 5228 BrSerWdm - ok
19:25:30.0549 5228 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:25:30.0549 5228 BrUsbMdm - ok
19:25:30.0565 5228 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:25:30.0565 5228 BrUsbSer - ok
19:25:30.0581 5228 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
19:25:30.0596 5228 BTHMODEM - ok
19:25:30.0690 5228 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
19:25:30.0705 5228 bthserv - ok
19:25:30.0752 5228 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:25:30.0752 5228 cdfs - ok
19:25:30.0799 5228 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
19:25:30.0799 5228 cdrom - ok
19:25:30.0861 5228 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:25:30.0861 5228 CertPropSvc - ok
19:25:30.0908 5228 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
19:25:30.0908 5228 circlass - ok
19:25:30.0939 5228 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:25:30.0955 5228 CLFS - ok
19:25:31.0064 5228 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:25:31.0080 5228 clr_optimization_v2.0.50727_32 - ok
19:25:31.0158 5228 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:25:31.0158 5228 clr_optimization_v2.0.50727_64 - ok
19:25:31.0251 5228 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:25:31.0267 5228 clr_optimization_v4.0.30319_32 - ok
19:25:31.0376 5228 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:25:31.0376 5228 clr_optimization_v4.0.30319_64 - ok
19:25:31.0439 5228 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:25:31.0454 5228 CmBatt - ok
19:25:31.0501 5228 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:25:31.0501 5228 cmdide - ok
19:25:31.0595 5228 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
19:25:31.0595 5228 CNG - ok
19:25:31.0829 5228 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys
19:25:31.0860 5228 CnxtHdAudService - ok
19:25:32.0156 5228 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
19:25:32.0156 5228 Compbatt - ok
19:25:32.0203 5228 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
19:25:32.0203 5228 CompositeBus - ok
19:25:32.0219 5228 COMSysApp - ok
19:25:32.0250 5228 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
19:25:32.0250 5228 crcdisk - ok
19:25:32.0343 5228 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
19:25:32.0343 5228 CryptSvc - ok
19:25:32.0655 5228 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:25:32.0687 5228 cvhsvc - ok
19:25:32.0765 5228 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:25:32.0780 5228 DcomLaunch - ok
19:25:32.0858 5228 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:25:32.0874 5228 defragsvc - ok
19:25:32.0967 5228 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:25:32.0967 5228 DfsC - ok
19:25:33.0030 5228 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
19:25:33.0045 5228 Dhcp - ok
19:25:33.0077 5228 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:25:33.0092 5228 discache - ok
19:25:33.0155 5228 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
19:25:33.0155 5228 Disk - ok
19:25:33.0201 5228 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
19:25:33.0201 5228 Dnscache - ok
19:25:33.0217 5228 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
19:25:33.0233 5228 dot3svc - ok
19:25:33.0264 5228 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
19:25:33.0279 5228 DPS - ok
19:25:33.0326 5228 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:25:33.0326 5228 drmkaud - ok
19:25:33.0404 5228 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:25:33.0420 5228 DXGKrnl - ok
19:25:33.0467 5228 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:25:33.0467 5228 EapHost - ok
19:25:34.0075 5228 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
19:25:34.0153 5228 ebdrv - ok
19:25:34.0356 5228 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:25:34.0387 5228 eeCtrl - ok
19:25:34.0512 5228 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
19:25:34.0512 5228 EFS - ok
19:25:34.0621 5228 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
19:25:34.0652 5228 ehRecvr - ok
19:25:34.0699 5228 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:25:34.0715 5228 ehSched - ok
19:25:34.0808 5228 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
19:25:34.0808 5228 elxstor - ok
19:25:34.0917 5228 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:25:34.0933 5228 EraserUtilRebootDrv - ok
19:25:34.0964 5228 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:25:34.0964 5228 ErrDev - ok
19:25:34.0995 5228 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:25:35.0011 5228 EventSystem - ok
19:25:35.0058 5228 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:25:35.0058 5228 exfat - ok
19:25:35.0089 5228 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:25:35.0089 5228 fastfat - ok
19:25:35.0167 5228 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
19:25:35.0183 5228 Fax - ok
19:25:35.0229 5228 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
19:25:35.0229 5228 fdc - ok
19:25:35.0292 5228 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:25:35.0292 5228 fdPHost - ok
19:25:35.0307 5228 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:25:35.0307 5228 FDResPub - ok
19:25:35.0323 5228 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:25:35.0323 5228 FileInfo - ok
19:25:35.0354 5228 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:25:35.0354 5228 Filetrace - ok
19:25:35.0401 5228 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
19:25:35.0417 5228 flpydisk - ok
19:25:35.0479 5228 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:25:35.0495 5228 FltMgr - ok
19:25:35.0619 5228 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
19:25:35.0635 5228 FontCache - ok
19:25:35.0760 5228 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:25:35.0775 5228 FontCache3.0.0.0 - ok
19:25:35.0885 5228 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:25:35.0900 5228 FsDepends - ok
19:25:35.0947 5228 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
19:25:35.0947 5228 Fs_Rec - ok
19:25:35.0978 5228 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:25:35.0978 5228 fvevol - ok
19:25:36.0041 5228 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
19:25:36.0056 5228 gagp30kx - ok
19:25:36.0337 5228 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:25:36.0353 5228 GamesAppService - ok
19:25:36.0399 5228 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:25:36.0415 5228 GEARAspiWDM - ok
19:25:36.0462 5228 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
19:25:36.0477 5228 gpsvc - ok
19:25:36.0649 5228 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:36.0649 5228 gupdate - ok
19:25:36.0649 5228 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:36.0649 5228 gupdatem - ok
19:25:36.0758 5228 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:25:36.0774 5228 gusvc - ok
19:25:36.0821 5228 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:25:36.0821 5228 hcw85cir - ok
19:25:36.0867 5228 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:25:36.0883 5228 HdAudAddService - ok
19:25:36.0899 5228 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
19:25:36.0899 5228 HDAudBus - ok
19:25:36.0914 5228 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
19:25:36.0914 5228 HidBatt - ok
19:25:36.0945 5228 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
19:25:36.0945 5228 HidBth - ok
19:25:36.0961 5228 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
19:25:36.0977 5228 HidIr - ok
19:25:37.0008 5228 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
19:25:37.0008 5228 hidserv - ok
19:25:37.0086 5228 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
19:25:37.0086 5228 HidUsb - ok
19:25:37.0101 5228 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:25:37.0117 5228 hkmsvc - ok
19:25:37.0133 5228 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:25:37.0133 5228 HomeGroupListener - ok
19:25:37.0164 5228 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:25:37.0164 5228 HomeGroupProvider - ok
19:25:37.0226 5228 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:25:37.0226 5228 HpSAMD - ok
19:25:37.0273 5228 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:25:37.0289 5228 HTTP - ok
19:25:37.0289 5228 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:25:37.0289 5228 hwpolicy - ok
19:25:37.0335 5228 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:25:37.0335 5228 i8042prt - ok
19:25:37.0429 5228 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\windows\system32\DRIVERS\iaStor.sys
19:25:37.0429 5228 iaStor - ok
19:25:37.0507 5228 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:25:37.0507 5228 iaStorV - ok
19:25:37.0632 5228 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:25:37.0647 5228 IDriverT - ok
19:25:37.0959 5228 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:25:38.0006 5228 idsvc - ok
19:25:38.0365 5228 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120518.001\IDSvia64.sys
19:25:38.0427 5228 IDSVia64 - ok
19:25:39.0707 5228 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys
19:25:39.0956 5228 igfx - ok
19:25:40.0159 5228 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
19:25:40.0175 5228 iirsp - ok
19:25:40.0299 5228 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:25:40.0299 5228 IKEEXT - ok
19:25:40.0393 5228 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
19:25:40.0393 5228 IntcDAud - ok
19:25:40.0440 5228 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:25:40.0440 5228 intelide - ok
19:25:40.0502 5228 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:25:40.0502 5228 intelppm - ok
19:25:40.0533 5228 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:25:40.0549 5228 IPBusEnum - ok
19:25:40.0580 5228 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:25:40.0580 5228 IpFilterDriver - ok
19:25:40.0627 5228 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
19:25:40.0627 5228 iphlpsvc - ok
19:25:40.0674 5228 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:25:40.0689 5228 IPMIDRV - ok
19:25:40.0689 5228 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:25:40.0689 5228 IPNAT - ok
19:25:40.0830 5228 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
19:25:40.0830 5228 iPod Service - ok
19:25:40.0892 5228 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:25:40.0892 5228 IRENUM - ok
19:25:40.0908 5228 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:25:40.0908 5228 isapnp - ok
19:25:40.0939 5228 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:25:40.0955 5228 iScsiPrt - ok
19:25:41.0001 5228 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:25:41.0001 5228 kbdclass - ok
19:25:41.0048 5228 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:25:41.0048 5228 kbdhid - ok
19:25:41.0079 5228 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:25:41.0079 5228 KeyIso - ok
19:25:41.0157 5228 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
19:25:41.0173 5228 KSecDD - ok
19:25:41.0204 5228 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
19:25:41.0220 5228 KSecPkg - ok
19:25:41.0298 5228 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:25:41.0313 5228 ksthunk - ok
19:25:41.0391 5228 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:25:41.0423 5228 KtmRm - ok
19:25:41.0454 5228 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
19:25:41.0469 5228 L1C - ok
19:25:41.0501 5228 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
19:25:41.0501 5228 LanmanServer - ok
19:25:41.0579 5228 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:25:41.0579 5228 LanmanWorkstation - ok
19:25:41.0657 5228 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:25:41.0657 5228 lltdio - ok
19:25:41.0688 5228 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:25:41.0703 5228 lltdsvc - ok
19:25:41.0735 5228 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:25:41.0735 5228 lmhosts - ok
19:25:41.0859 5228 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:25:41.0859 5228 LMS - ok
19:25:41.0922 5228 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
19:25:41.0937 5228 LSI_FC - ok
19:25:41.0953 5228 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
19:25:41.0953 5228 LSI_SAS - ok
19:25:41.0969 5228 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
19:25:41.0984 5228 LSI_SAS2 - ok
19:25:42.0000 5228 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
19:25:42.0000 5228 LSI_SCSI - ok
19:25:42.0015 5228 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:25:42.0015 5228 luafv - ok
19:25:42.0093 5228 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:25:42.0125 5228 Mcx2Svc - ok
19:25:42.0156 5228 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
19:25:42.0156 5228 megasas - ok
19:25:42.0234 5228 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
19:25:42.0234 5228 MegaSR - ok
19:25:42.0296 5228 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
19:25:42.0296 5228 MEIx64 - ok
19:25:42.0327 5228 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:25:42.0327 5228 MMCSS - ok
19:25:42.0359 5228 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:25:42.0374 5228 Modem - ok
19:25:42.0452 5228 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:25:42.0452 5228 monitor - ok
19:25:42.0468 5228 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:25:42.0483 5228 mouclass - ok
19:25:42.0515 5228 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
19:25:42.0515 5228 mouhid - ok
19:25:42.0561 5228 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:25:42.0577 5228 mountmgr - ok
19:25:42.0593 5228 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:25:42.0593 5228 mpio - ok
19:25:42.0593 5228 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:25:42.0593 5228 mpsdrv - ok
19:25:42.0671 5228 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:25:42.0671 5228 MpsSvc - ok
19:25:42.0702 5228 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:25:42.0702 5228 MRxDAV - ok
19:25:42.0733 5228 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:25:42.0733 5228 mrxsmb - ok
19:25:42.0749 5228 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:25:42.0764 5228 mrxsmb10 - ok
19:25:42.0764 5228 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:25:42.0764 5228 mrxsmb20 - ok
19:25:42.0780 5228 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
19:25:42.0795 5228 msahci - ok
19:25:42.0811 5228 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:25:42.0811 5228 msdsm - ok
19:25:42.0842 5228 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:25:42.0842 5228 MSDTC - ok
19:25:42.0873 5228 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:25:42.0873 5228 Msfs - ok
19:25:42.0905 5228 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:25:42.0905 5228 mshidkmdf - ok
19:25:42.0936 5228 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:25:42.0936 5228 msisadrv - ok
19:25:42.0967 5228 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:25:42.0983 5228 MSiSCSI - ok
19:25:42.0983 5228 msiserver - ok
19:25:43.0029 5228 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:25:43.0029 5228 MSKSSRV - ok
19:25:43.0061 5228 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:25:43.0061 5228 MSPCLOCK - ok
19:25:43.0061 5228 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:25:43.0061 5228 MSPQM - ok
19:25:43.0092 5228 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:25:43.0107 5228 MsRPC - ok
19:25:43.0107 5228 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:25:43.0107 5228 mssmbios - ok
19:25:43.0123 5228 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:25:43.0139 5228 MSTEE - ok
19:25:43.0154 5228 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
19:25:43.0154 5228 MTConfig - ok
19:25:43.0170 5228 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:25:43.0185 5228 Mup - ok
19:25:43.0341 5228 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
19:25:43.0341 5228 N360 - ok
19:25:43.0388 5228 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:25:43.0404 5228 napagent - ok
19:25:43.0466 5228 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:25:43.0482 5228 NativeWifiP - ok
19:25:43.0950 5228 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120518.048\ENG64.SYS
19:25:43.0981 5228 NAVENG - ok
19:25:44.0106 5228 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120518.048\EX64.SYS
19:25:44.0121 5228 NAVEX15 - ok
19:25:44.0480 5228 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:25:44.0511 5228 NDIS - ok
19:25:44.0574 5228 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:25:44.0589 5228 NdisCap - ok
19:25:44.0621 5228 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:25:44.0621 5228 NdisTapi - ok
19:25:44.0652 5228 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:25:44.0667 5228 Ndisuio - ok
19:25:44.0667 5228 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:25:44.0667 5228 NdisWan - ok
19:25:44.0683 5228 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:25:44.0683 5228 NDProxy - ok
19:25:44.0730 5228 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:25:44.0730 5228 NetBIOS - ok
19:25:44.0761 5228 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:25:44.0777 5228 NetBT - ok
19:25:44.0823 5228 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:25:44.0823 5228 Netlogon - ok
19:25:44.0901 5228 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:25:44.0917 5228 Netman - ok
19:25:44.0948 5228 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:25:44.0948 5228 netprofm - ok
19:25:45.0120 5228 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:25:45.0135 5228 NetTcpPortSharing - ok
19:25:45.0198 5228 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:25:45.0198 5228 nfrd960 - ok
19:25:45.0276 5228 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:25:45.0276 5228 NlaSvc - ok
19:25:45.0338 5228 Norton PC Checkup Application Launcher - ok
19:25:45.0385 5228 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:25:45.0385 5228 Npfs - ok
19:25:45.0416 5228 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:25:45.0416 5228 nsi - ok
19:25:45.0432 5228 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:25:45.0447 5228 nsiproxy - ok
19:25:45.0525 5228 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:25:45.0557 5228 Ntfs - ok
19:25:45.0869 5228 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:25:45.0869 5228 Null - ok
19:25:45.0947 5228 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:25:45.0947 5228 nvraid - ok
19:25:45.0962 5228 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:25:45.0962 5228 nvstor - ok
19:25:46.0009 5228 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:25:46.0025 5228 nv_agp - ok
19:25:46.0040 5228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:25:46.0056 5228 ohci1394 - ok
19:25:46.0149 5228 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:46.0165 5228 ose - ok
19:25:47.0709 5228 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:25:47.0865 5228 osppsvc - ok
19:25:48.0131 5228 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:25:48.0131 5228 p2pimsvc - ok
19:25:48.0255 5228 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:25:48.0271 5228 p2psvc - ok
19:25:48.0396 5228 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:25:48.0396 5228 Parport - ok
19:25:48.0443 5228 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:25:48.0443 5228 partmgr - ok
19:25:48.0458 5228 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:25:48.0474 5228 PcaSvc - ok
19:25:48.0583 5228 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
19:25:48.0583 5228 PCCUJobMgr - ok
19:25:48.0630 5228 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:25:48.0630 5228 pci - ok
19:25:48.0645 5228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
19:25:48.0645 5228 pciide - ok
19:25:48.0677 5228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:25:48.0677 5228 pcmcia - ok
19:25:48.0677 5228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:25:48.0677 5228 pcw - ok
19:25:48.0723 5228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:25:48.0739 5228 PEAUTH - ok
19:25:48.0817 5228 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:25:48.0817 5228 PerfHost - ok
19:25:48.0848 5228 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
19:25:48.0848 5228 PGEffect - ok
19:25:48.0989 5228 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:25:49.0051 5228 pla - ok
19:25:49.0129 5228 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:25:49.0145 5228 PlugPlay - ok
19:25:49.0160 5228 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:25:49.0160 5228 PNRPAutoReg - ok
19:25:49.0191 5228 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:25:49.0191 5228 PNRPsvc - ok
19:25:49.0301 5228 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:25:49.0316 5228 PolicyAgent - ok
19:25:49.0363 5228 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:25:49.0363 5228 Power - ok
19:25:49.0457 5228 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:25:49.0457 5228 PptpMiniport - ok
19:25:49.0472 5228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:25:49.0472 5228 Processor - ok
19:25:49.0519 5228 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
19:25:49.0519 5228 ProfSvc - ok
19:25:49.0550 5228 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:25:49.0550 5228 ProtectedStorage - ok
19:25:49.0613 5228 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:25:49.0628 5228 Psched - ok
19:25:49.0691 5228 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
19:25:49.0691 5228 QIOMem - ok
19:25:49.0815 5228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:25:49.0831 5228 ql2300 - ok
19:25:50.0143 5228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:25:50.0143 5228 ql40xx - ok
19:25:50.0190 5228 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:25:50.0190 5228 QWAVE - ok
19:25:50.0221 5228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:25:50.0221 5228 QWAVEdrv - ok
19:25:50.0237 5228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:25:50.0252 5228 RasAcd - ok
19:25:50.0299 5228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:25:50.0299 5228 RasAgileVpn - ok
19:25:50.0361 5228 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:25:50.0361 5228 RasAuto - ok
19:25:50.0377 5228 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:25:50.0377 5228 Rasl2tp - ok
19:25:50.0408 5228 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:25:50.0408 5228 RasMan - ok
19:25:50.0455 5228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:25:50.0455 5228 RasPppoe - ok
19:25:50.0471 5228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:25:50.0471 5228 RasSstp - ok
19:25:50.0502 5228 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:25:50.0502 5228 rdbss - ok
19:25:50.0517 5228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:25:50.0533 5228 rdpbus - ok
19:25:50.0549 5228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:25:50.0549 5228 RDPCDD - ok
19:25:50.0580 5228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:25:50.0580 5228 RDPENCDD - ok
19:25:50.0611 5228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:25:50.0611 5228 RDPREFMP - ok
19:25:50.0658 5228 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
19:25:50.0658 5228 RDPWD - ok
19:25:50.0736 5228 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:25:50.0736 5228 rdyboost - ok
19:25:50.0767 5228 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:25:50.0783 5228 RemoteAccess - ok
19:25:50.0814 5228 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:25:50.0814 5228 RemoteRegistry - ok
19:25:50.0861 5228 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:25:50.0861 5228 RpcEptMapper - ok
19:25:50.0892 5228 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:25:50.0892 5228 RpcLocator - ok
19:25:50.0923 5228 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:25:50.0923 5228 RpcSs - ok
19:25:50.0939 5228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:25:50.0954 5228 rspndr - ok
19:25:50.0985 5228 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
19:25:50.0985 5228 RSUSBSTOR - ok
19:25:51.0048 5228 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys
19:25:51.0063 5228 RSUSBVSTOR - ok
19:25:51.0266 5228 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
19:25:51.0282 5228 RTL8192Ce - ok
19:25:51.0297 5228 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:25:51.0297 5228 SamSs - ok
19:25:51.0360 5228 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:25:51.0360 5228 sbp2port - ok
19:25:51.0391 5228 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:25:51.0391 5228 SCardSvr - ok
19:25:51.0407 5228 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:25:51.0407 5228 scfilter - ok
19:25:51.0469 5228 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:25:51.0469 5228 Schedule - ok
19:25:51.0500 5228 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:25:51.0500 5228 SCPolicySvc - ok
19:25:51.0547 5228 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:25:51.0547 5228 SDRSVC - ok
19:25:51.0656 5228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:25:51.0656 5228 secdrv - ok
19:25:51.0687 5228 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:25:51.0703 5228 seclogon - ok
19:25:51.0734 5228 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:25:51.0750 5228 SENS - ok
19:25:51.0781 5228 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:25:51.0781 5228 SensrSvc - ok
19:25:51.0812 5228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:25:51.0812 5228 Serenum - ok
19:25:51.0859 5228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:25:51.0859 5228 Serial - ok
19:25:51.0906 5228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:25:51.0906 5228 sermouse - ok
19:25:51.0953 5228 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:25:51.0953 5228 SessionEnv - ok
19:25:51.0984 5228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:25:51.0999 5228 sffdisk - ok
19:25:52.0015 5228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:25:52.0015 5228 sffp_mmc - ok
19:25:52.0031 5228 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:25:52.0031 5228 sffp_sd - ok
19:25:52.0046 5228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:25:52.0046 5228 sfloppy - ok
19:25:52.0140 5228 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:25:52.0155 5228 Sftfs - ok
19:25:52.0311 5228 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:25:52.0343 5228 sftlist - ok
19:25:52.0389 5228 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:25:52.0389 5228 Sftplay - ok
19:25:52.0436 5228 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:25:52.0436 5228 Sftredir - ok
19:25:52.0452 5228 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:25:52.0452 5228 Sftvol - ok
19:25:52.0483 5228 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:25:52.0499 5228 sftvsa - ok
19:25:52.0577 5228 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:25:52.0592 5228 SharedAccess - ok
19:25:52.0670 5228 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:25:52.0670 5228 ShellHWDetection - ok
19:25:52.0733 5228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:25:52.0733 5228 SiSRaid2 - ok
19:25:52.0811 5228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:25:52.0842 5228 SiSRaid4 - ok
19:25:52.0873 5228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:25:52.0873 5228 Smb - ok
19:25:52.0967 5228 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:25:52.0967 5228 SNMPTRAP - ok
19:25:52.0998 5228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:25:52.0998 5228 spldr - ok
19:25:53.0045 5228 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:25:53.0045 5228 Spooler - ok
19:25:53.0294 5228 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:25:53.0388 5228 sppsvc - ok
19:25:53.0544 5228 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:25:53.0544 5228 sppuinotify - ok
19:25:53.0778 5228 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
19:25:53.0809 5228 SRTSP - ok
19:25:53.0840 5228 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
19:25:53.0840 5228 SRTSPX - ok
19:25:53.0903 5228 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:25:53.0903 5228 srv - ok
19:25:53.0918 5228 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:25:53.0934 5228 srv2 - ok
19:25:53.0981 5228 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
19:25:53.0996 5228 SrvHsfHDA - ok
19:25:54.0074 5228 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
19:25:54.0090 5228 SrvHsfV92 - ok
19:25:54.0324 5228 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
19:25:54.0324 5228 SrvHsfWinac - ok
19:25:54.0355 5228 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:25:54.0355 5228 srvnet - ok
19:25:54.0417 5228 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:25:54.0417 5228 SSDPSRV - ok
19:25:54.0433 5228 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:25:54.0433 5228 SstpSvc - ok
19:25:54.0464 5228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:25:54.0464 5228 stexstor - ok
19:25:54.0511 5228 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
19:25:54.0511 5228 StillCam - ok
19:25:54.0589 5228 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:25:54.0605 5228 stisvc - ok
19:25:54.0620 5228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:25:54.0620 5228 swenum - ok
19:25:54.0667 5228 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:25:54.0667 5228 swprv - ok
19:25:54.0761 5228 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
19:25:54.0761 5228 SymDS - ok
19:25:54.0839 5228 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
19:25:54.0854 5228 SymEFA - ok
19:25:54.0901 5228 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:25:54.0917 5228 SymEvent - ok
19:25:54.0963 5228 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\windows\system32\DRIVERS\SymIMv.sys
19:25:54.0963 5228 SymIM - ok
19:25:55.0026 5228 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
19:25:55.0041 5228 SymIRON - ok
19:25:55.0088 5228 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
19:25:55.0088 5228 SymNetS - ok
19:25:55.0166 5228 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
19:25:55.0182 5228 SynTP - ok
19:25:55.0353 5228 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:25:55.0385 5228 SysMain - ok
19:25:55.0494 5228 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:25:55.0494 5228 TabletInputService - ok
19:25:55.0525 5228 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:25:55.0525 5228 TapiSrv - ok
19:25:55.0541 5228 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:25:55.0556 5228 TBS - ok
19:25:55.0681 5228 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:25:55.0712 5228 Tcpip - ok
19:25:55.0915 5228 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:25:55.0931 5228 TCPIP6 - ok
19:25:56.0055 5228 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:25:56.0055 5228 tcpipreg - ok
19:25:56.0118 5228 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:25:56.0118 5228 tdcmdpst - ok
19:25:56.0133 5228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:25:56.0133 5228 TDPIPE - ok
19:25:56.0180 5228 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:25:56.0180 5228 TDTCP - ok
19:25:56.0227 5228 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:25:56.0227 5228 tdx - ok
19:25:56.0258 5228 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:25:56.0274 5228 TermDD - ok
19:25:56.0336 5228 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:25:56.0336 5228 TermService - ok
19:25:56.0367 5228 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:25:56.0367 5228 Themes - ok
19:25:56.0399 5228 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:25:56.0399 5228 THREADORDER - ok
19:25:56.0477 5228 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:25:56.0477 5228 TMachInfo - ok
19:25:56.0539 5228 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
19:25:56.0539 5228 TODDSrv - ok
19:25:56.0664 5228 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:25:56.0664 5228 TosCoSrv - ok
19:25:56.0726 5228 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:25:56.0726 5228 TOSHIBA eco Utility Service - ok
19:25:56.0804 5228 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:25:56.0804 5228 TOSHIBA HDD SSD Alert Service - ok
19:25:56.0960 5228 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
19:25:56.0976 5228 tos_sps64 - ok
19:25:57.0069 5228 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:25:57.0069 5228 TPCHSrv - ok
19:25:57.0257 5228 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:25:57.0257 5228 TrkWks - ok
19:25:57.0319 5228 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:25:57.0319 5228 TrustedInstaller - ok
19:25:57.0381 5228 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:25:57.0381 5228 tssecsrv - ok
19:25:57.0413 5228 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:25:57.0413 5228 TsUsbFlt - ok
19:25:57.0444 5228 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:25:57.0444 5228 TsUsbGD - ok
19:25:57.0553 5228 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:25:57.0553 5228 tunnel - ok
19:25:57.0631 5228 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:25:57.0631 5228 TVALZ - ok
19:25:57.0678 5228 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
19:25:57.0678 5228 TVALZFL - ok
19:25:57.0709 5228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:25:57.0709 5228 uagp35 - ok
19:25:57.0740 5228 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:25:57.0740 5228 udfs - ok
19:25:57.0787 5228 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:25:57.0787 5228 UI0Detect - ok
19:25:57.0834 5228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:25:57.0849 5228 uliagpkx - ok
19:25:57.0865 5228 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:25:57.0865 5228 umbus - ok
19:25:57.0896 5228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:25:57.0896 5228 UmPass - ok
19:25:58.0208 5228 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:25:58.0271 5228 UNS - ok
19:25:58.0489 5228 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:25:58.0505 5228 upnphost - ok
19:25:58.0598 5228 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
19:25:58.0598 5228 USBAAPL64 - ok
19:25:58.0676 5228 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:25:58.0676 5228 usbccgp - ok
19:25:58.0707 5228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:25:58.0707 5228 usbcir - ok
19:25:58.0707 5228 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:25:58.0723 5228 usbehci - ok
19:25:58.0739 5228 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:25:58.0754 5228 usbhub - ok
19:25:58.0770 5228 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:25:58.0770 5228 usbohci - ok
19:25:58.0785 5228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
19:25:58.0785 5228 usbprint - ok
19:25:58.0832 5228 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:25:58.0832 5228 USBSTOR - ok
19:25:58.0863 5228 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:25:58.0863 5228 usbuhci - ok
19:25:58.0926 5228 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:25:58.0941 5228 usbvideo - ok
19:25:58.0973 5228 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:25:58.0973 5228 UxSms - ok
19:25:58.0988 5228 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:25:58.0988 5228 VaultSvc - ok
19:25:59.0019 5228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:25:59.0019 5228 vdrvroot - ok
19:25:59.0082 5228 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:25:59.0082 5228 vds - ok
19:25:59.0144 5228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:25:59.0144 5228 vga - ok
19:25:59.0160 5228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:25:59.0160 5228 VgaSave - ok
19:25:59.0191 5228 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:25:59.0207 5228 vhdmp - ok
19:25:59.0238 5228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:25:59.0238 5228 viaide - ok
19:25:59.0253 5228 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:25:59.0253 5228 volmgr - ok
19:25:59.0269 5228 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:25:59.0269 5228 volmgrx - ok
19:25:59.0285 5228 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
19:25:59.0300 5228 volsnap - ok
19:25:59.0331 5228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:25:59.0331 5228 vsmraid - ok
19:25:59.0441 5228 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:25:59.0472 5228 VSS - ok
19:25:59.0597 5228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:25:59.0612 5228 vwifibus - ok
19:25:59.0659 5228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:25:59.0659 5228 vwififlt - ok
19:25:59.0721 5228 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
19:25:59.0721 5228 vwifimp - ok
19:25:59.0799 5228 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:25:59.0815 5228 W32Time - ok
19:25:59.0846 5228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:25:59.0846 5228 WacomPen - ok
19:25:59.0893 5228 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:25:59.0893 5228 WANARP - ok
19:25:59.0909 5228 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:25:59.0909 5228 Wanarpv6 - ok
19:26:00.0018 5228 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:26:00.0049 5228 WatAdminSvc - ok
19:26:00.0127 5228 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:26:00.0143 5228 wbengine - ok
19:26:00.0548 5228 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:26:00.0548 5228 WbioSrvc - ok
19:26:00.0595 5228 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:26:00.0611 5228 wcncsvc - ok
19:26:00.0626 5228 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:26:00.0626 5228 WcsPlugInService - ok
19:26:00.0673 5228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:26:00.0673 5228 Wd - ok
19:26:00.0720 5228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:26:00.0735 5228 Wdf01000 - ok
19:26:00.0767 5228 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:26:00.0767 5228 WdiServiceHost - ok
19:26:00.0767 5228 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:26:00.0767 5228 WdiSystemHost - ok
19:26:00.0798 5228 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:26:00.0798 5228 WebClient - ok
19:26:00.0813 5228 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:26:00.0829 5228 Wecsvc - ok
19:26:00.0829 5228 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:26:00.0845 5228 wercplsupport - ok
19:26:00.0891 5228 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:26:00.0891 5228 WerSvc - ok
19:26:00.0954 5228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:26:00.0954 5228 WfpLwf - ok
19:26:00.0985 5228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:26:00.0985 5228 WIMMount - ok
19:26:01.0032 5228 WinDefend - ok
19:26:01.0032 5228 WinHttpAutoProxySvc - ok
19:26:01.0079 5228 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:26:01.0094 5228 Winmgmt - ok
19:26:01.0219 5228 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:26:01.0266 5228 WinRM - ok
19:26:01.0578 5228 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:26:01.0578 5228 WinUsb - ok
19:26:01.0640 5228 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:26:01.0656 5228 Wlansvc - ok
19:26:01.0734 5228 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:26:01.0749 5228 wlcrasvc - ok
19:26:02.0015 5228 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:26:02.0061 5228 wlidsvc - ok
19:26:02.0264 5228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
19:26:02.0280 5228 WmiAcpi - ok
19:26:02.0373 5228 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:26:02.0373 5228 wmiApSrv - ok
19:26:02.0467 5228 WMPNetworkSvc - ok
19:26:02.0514 5228 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:26:02.0529 5228 WPCSvc - ok
19:26:02.0592 5228 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:26:02.0592 5228 WPDBusEnum - ok
19:26:02.0623 5228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:26:02.0623 5228 ws2ifsl - ok
19:26:02.0654 5228 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
19:26:02.0654 5228 wscsvc - ok
19:26:02.0654 5228 WSearch - ok
19:26:02.0810 5228 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
19:26:02.0841 5228 wuauserv - ok
19:26:03.0075 5228 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:26:03.0075 5228 WudfPf - ok
19:26:03.0122 5228 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:26:03.0122 5228 WUDFRd - ok
19:26:03.0153 5228 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:26:03.0153 5228 wudfsvc - ok
19:26:03.0185 5228 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:26:03.0200 5228 WwanSvc - ok
19:26:03.0247 5228 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:26:03.0668 5228 \Device\Harddisk0\DR0 - ok
19:26:03.0699 5228 Boot (0x1200) (97ddf88762f75c83d15fad4595f451d9) \Device\Harddisk0\DR0\Partition0
19:26:03.0699 5228 \Device\Harddisk0\DR0\Partition0 - ok
19:26:03.0699 5228 ============================================================
19:26:03.0699 5228 Scan finished
19:26:03.0699 5228 ============================================================
19:26:03.0699 5624 Detected object count: 0
19:26:03.0699 5624 Actual detected object count: 0

#7 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 20 May 2012 - 07:31 PM

aswMBR Report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-20 19:28:18
-----------------------------
19:28:18.434 OS Version: Windows x64 6.1.7601 Service Pack 1
19:28:18.434 Number of processors: 4 586 0x2A07
19:28:18.434 ComputerName: BETH-PC UserName: Beth
19:28:19.557 Initialize success
19:28:30.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:28:30.175 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 3
19:28:30.190 Disk 0 MBR read successfully
19:28:30.190 Disk 0 MBR scan
19:28:30.206 Disk 0 Windows VISTA default MBR code
19:28:30.206 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:28:30.221 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288718 MB offset 3074048
19:28:30.253 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15026 MB offset 594368512
19:28:30.299 Disk 0 scanning C:\windows\system32\drivers
19:28:36.961 Service scanning
19:29:06.725 Modules scanning
19:29:06.741 Disk 0 trace - called modules:
19:29:06.757 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:29:06.772 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ad7790]
19:29:06.788 3 CLASSPNP.SYS[fffff88001a2c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062fc050]
19:29:06.788 Scan finished successfully
19:29:16.196 Disk 0 MBR has been saved successfully to "C:\Users\Beth\Desktop\MBR.dat"
19:29:16.196 The log file has been saved successfully to "C:\Users\Beth\Desktop\aswMBR.txt"

The AdServing pop up is still coming up on every website I go to.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 20 May 2012 - 09:30 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 20 May 2012 - 10:26 PM

Contents of OTL.txt


OTL logfile created on: 5/20/2012 10:18:38 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Beth\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 70.10% Memory free
11.90 Gb Paging File | 9.95 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.95 Gb Total Space | 230.98 Gb Free Space | 81.92% Space Free | Partition Type: NTFS

Computer Name: BETH-PC | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Beth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe (Symantec Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0502010.003\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0502010.003\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0502010.003\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502010.003\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502010.003\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502010.003\ironx64.sys (Symantec Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120519.009\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120519.009\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120518.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120507.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FEC25E2E-24AC-4DDF-BBA8-8C94E5CC3172}
IE:64bit: - HKLM\..\SearchScopes\{FEC25E2E-24AC-4DDF-BBA8-8C94E5CC3172}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FEC25E2E-24AC-4DDF-BBA8-8C94E5CC3172}
IE - HKLM\..\SearchScopes\{FEC25E2E-24AC-4DDF-BBA8-8C94E5CC3172}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\..\SearchScopes,DefaultScope = {D5895B7E-D9C9-46B5-9B51-621D4DB20719}
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\..\SearchScopes\{D5895B7E-D9C9-46B5-9B51-621D4DB20719}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS469
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\..\SearchScopes\{FEC25E2E-24AC-4DDF-BBA8-8C94E5CC3172}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/04/21 22:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_7_5 [2012/05/20 22:15:02 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Search = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/21 21:59:52 | 000,001,283 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3179967474-55583137-2155952488-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3179967474-55583137-2155952488-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6CC321-80A7-4A1F-BA7A-B0A9842EEE68}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 22:17:43 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTL.exe
[2012/05/20 19:27:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Beth\Desktop\aswMBR.exe
[2012/05/20 19:24:56 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Beth\Desktop\tdsskiller.exe
[2012/05/20 07:47:18 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/20 07:34:26 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/19 22:30:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/19 17:14:09 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Roaming\Malwarebytes
[2012/05/19 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/19 17:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/19 16:57:48 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\tdsskiller
[2012/05/19 10:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/19 10:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/05/12 06:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 06:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 06:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/11 20:19:44 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{12C58987-F75D-46ED-850E-99F213285077}
[2012/05/11 20:19:33 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{DB6DE0BC-4DF9-4C02-AF5B-49A5C2EF0E85}
[2012/05/10 18:46:17 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/10 18:45:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/10 18:45:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/10 18:45:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/05/09 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\Photos
[2012/05/09 21:02:52 | 000,000,000 | ---D | C] -- C:\windows\Hewlett-Packard
[2012/05/09 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\HP v125w
[2012/05/09 20:42:49 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{1125DE47-486C-48ED-B42A-DACF05E5B755}
[2012/05/09 20:33:06 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{1F7AE705-6111-45B9-939D-BEDC45A0C5B9}
[2012/05/09 09:08:09 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{96D49090-B8D7-45F3-B006-91D96D461A47}
[2012/05/09 09:07:48 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{02F17648-8BFA-4A32-A112-582A3C978C39}
[2012/05/09 09:06:36 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{0401EA8A-B44A-4F29-BEA6-D84C0DF20271}
[2012/05/09 09:06:19 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{96457A1E-A7A7-42C0-B5E5-217D1EE4072F}
[2012/05/09 09:06:09 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{AF184CA4-4315-41A4-8E53-97445F228502}
[2012/05/03 09:59:34 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\Tific
[2012/04/28 08:52:28 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/28 08:01:06 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/28 08:01:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/04/25 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{1A41C58D-5656-4E86-91F5-B9BDE1303569}
[2012/04/25 11:18:53 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{B34DE642-66AD-45DB-B6BA-53A1D4DF24BF}
[2012/04/25 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{6278787F-448E-44E3-9CE3-03ECCBA4D472}
[2012/04/25 10:51:18 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{6E6A15B2-00A0-494E-A27F-EA1766B22589}
[2012/04/25 10:51:06 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{60F5E8CD-4636-4F80-9114-69B8A98D9611}
[2012/04/25 10:50:17 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{A2D1ECEB-975A-42B7-B9DF-B31ADAE8AF8C}
[2012/04/25 10:50:17 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\{83BA00B9-8D8B-454B-9D62-BF4C80B8C548}
[2012/04/22 20:25:48 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SymIMV.sys
[2012/04/21 21:56:05 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0502010.003\symefa64.sys
[2012/04/21 21:56:05 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0502010.003\symds64.sys
[2012/04/21 21:56:05 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0502010.003\symnets.sys
[2012/04/21 21:56:04 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0502010.003\srtsp64.sys
[2012/04/21 21:56:04 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0502010.003\ironx64.sys
[2012/04/21 21:56:04 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0502010.003\srtspx64.sys
[2012/04/21 21:55:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\0502010.003
[2012/04/21 12:34:59 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\Symantec
[2012/04/21 12:34:20 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/04/21 12:34:18 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/04/21 12:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/04/21 12:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/04/21 12:33:35 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2012/04/21 12:33:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/04/21 12:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/20 22:22:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 22:22:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 22:21:37 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/20 22:21:36 | 000,727,246 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/20 22:21:36 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/20 22:17:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTL.exe
[2012/05/20 22:15:24 | 000,001,942 | ---- | M] () -- C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
[2012/05/20 22:15:08 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 22:14:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/20 22:14:43 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/20 22:01:00 | 000,000,254 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2012/05/20 21:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 21:44:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 19:29:16 | 000,000,512 | ---- | M] () -- C:\Users\Beth\Desktop\MBR.dat
[2012/05/20 19:28:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Beth\Desktop\aswMBR.exe
[2012/05/20 19:25:06 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Beth\Desktop\tdsskiller.exe
[2012/05/19 17:33:30 | 000,000,000 | ---- | M] () -- C:\Users\Beth\defogger_reenable
[2012/05/11 20:18:04 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/11 07:37:04 | 001,483,996 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\Cat.DB
[2012/05/05 09:51:44 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/05/05 09:51:44 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/05 09:51:40 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/29 16:39:27 | 000,002,355 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
[2012/04/21 22:37:25 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/04/21 21:59:52 | 000,001,283 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/21 12:34:18 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/04/21 12:34:18 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/21 12:34:18 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/20 19:29:16 | 000,000,512 | ---- | C] () -- C:\Users\Beth\Desktop\MBR.dat
[2012/05/19 17:33:30 | 000,000,000 | ---- | C] () -- C:\Users\Beth\defogger_reenable
[2012/04/29 16:39:27 | 000,002,355 | ---- | C] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
[2012/04/28 08:01:07 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 22:36:54 | 001,483,996 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\Cat.DB
[2012/04/21 21:56:05 | 000,007,460 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\symefa64.cat
[2012/04/21 21:56:05 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\symnet64.cat
[2012/04/21 21:56:05 | 000,003,373 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\symefa.inf
[2012/04/21 21:56:05 | 000,001,445 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\symnet.inf
[2012/04/21 21:56:04 | 000,007,492 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\iron.cat
[2012/04/21 21:56:04 | 000,007,462 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\srtspx64.cat
[2012/04/21 21:56:04 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\srtsp64.cat
[2012/04/21 21:56:04 | 000,002,792 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\symds.inf
[2012/04/21 21:56:04 | 000,001,438 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\srtsp64.inf
[2012/04/21 21:56:04 | 000,001,422 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\srtspx64.inf
[2012/04/21 21:56:04 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\iron.inf
[2012/04/21 21:55:50 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\symds64.cat
[2012/04/21 21:55:49 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0502010.003\isolate.ini
[2012/04/21 12:34:18 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/21 12:34:18 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/04/21 12:34:17 | 000,002,388 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/03/13 12:45:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/14 19:46:08 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/31 11:25:37 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/08/31 15:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/08/31 15:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 15:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/08/31 15:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 15:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

< End of report >

#10 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 20 May 2012 - 10:34 PM

I'm still getting the AdServing pop up. Also, several times this evening when I clicked on a link to go to a website from either google or from another site my browser was redirected to some other random website, rather than going to the site I wanted. I didn't remember to write down the name of the "hijack" site but it had a big green arrow on it...although that info probably isn't too helpful :/

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 20 May 2012 - 10:35 PM

Please download RogueKiller

Save to the Desktop
Close all windows and browsers
Windows Seven: Right-click the downloaded file and select 'Run as Administrator'
Press: SCAN
A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt , and provide it in your reply.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 21 May 2012 - 09:07 AM

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Beth [Admin rights]
Mode: Scan -- Date: 05/21/2012 09:06:06

Bad processes: 0

Registry Entries: 4
[SUSP PATH] {545C9D45-D13D-47E5-813C-F1B93763F379}.job @ : C:\Users\Beth\Desktop\fsbl.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HIDDEN VAL] HKLM\[...]\Run : @ () -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost
::1 localhost
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK3275GSX +++++
--- User ---
[MBR] 4f11bfdf350c7968af17094ddb2b1777
[BSP] 7baa029788e9cf5e28b7bc72b87ad807 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 288718 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 594368512 | Size: 15026 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 21 May 2012 - 01:27 PM

On theRogueKiller console, click the Hosts tab.
Make sure the entries there are checked, if there is an option to do so.
Then, press the [HostFix] button.

Please provide the RKreport (Mode: Delete) created on the Desktop.
(The RKreport also opens using the Report button on the console.)
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Beth4638

Beth4638
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 21 May 2012 - 01:56 PM

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Beth [Admin rights]
Mode: HOSTSFix -- Date: 05/21/2012 13:49:34

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 21 May 2012 - 09:20 PM

How are things doing now?
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users