
Google Redirect


9 replies to this topic

#1 DChopeless

DChopeless

  • Members
  • 5 posts

Posted 20 January 2013 - 08:20 PM

My computer has been infected with the Google redirect virus. I have downloaded and run the Kaspersky TDSS rootkit program with no results. I am not sure if this is also a part of the virus, but I cannot access GMail or Hotmail anymore.

Please help....

Edited by hamluis, 20 January 2013 - 08:34 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 20 January 2013 - 08:57 PM

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 DChopeless

DChopeless
  • Topic Starter

  • Members
  • 5 posts

Posted 21 January 2013 - 08:37 AM

20:41:11.0560 10896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:41:12.0006 10896 ============================================================
20:41:12.0006 10896 Current date / time: 2013/01/20 20:41:12.0006
20:41:12.0006 10896 SystemInfo:
20:41:12.0006 10896
20:41:12.0007 10896 OS Version: 6.0.6002 ServicePack: 2.0
20:41:12.0007 10896 Product type: Workstation
20:41:12.0007 10896 ComputerName: BRIAN-PC
20:41:12.0008 10896 UserName: Brian
20:41:12.0008 10896 Windows directory: C:\Windows
20:41:12.0008 10896 System windows directory: C:\Windows
20:41:12.0008 10896 Running under WOW64
20:41:12.0008 10896 Processor architecture: Intel x64
20:41:12.0008 10896 Number of processors: 2
20:41:12.0008 10896 Page size: 0x1000
20:41:12.0008 10896 Boot type: Normal boot
20:41:12.0008 10896 ============================================================
20:41:12.0999 10896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:13.0016 10896 ============================================================
20:41:13.0017 10896 \Device\Harddisk0\DR0:
20:41:13.0017 10896 MBR partitions:
20:41:13.0017 10896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38C1B800
20:41:13.0017 10896 ============================================================
20:41:13.0064 10896 C: <-> \Device\Harddisk0\DR0\Partition1
20:41:13.0065 10896 ============================================================
20:41:13.0065 10896 Initialize success
20:41:13.0065 10896 ============================================================
20:42:14.0155 10396 ============================================================
20:42:14.0155 10396 Scan started
20:42:14.0155 10396 Mode: Manual; TDLFS;
20:42:14.0155 10396 ============================================================
20:42:42.0946 10396 ================ Scan system memory ========================
20:42:42.0946 10396 System memory - ok
20:42:42.0946 10396 ================ Scan services =============================
20:43:01.0385 10396 PcaSvc - ok
20:43:01.0432 10396 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
20:43:01.0447 10396 pci - ok
20:43:01.0494 10396 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:43:01.0494 10396 pciide - ok
20:43:01.0525 10396 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:43:01.0525 10396 pcmcia - ok
20:43:01.0603 10396 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
20:43:01.0603 10396 pcouffin - ok
20:43:01.0666 10396 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:43:01.0681 10396 PEAUTH - ok
20:43:01.0791 10396 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:43:01.0791 10396 PerfHost - ok
20:43:01.0837 10396 [ 2C3BA65F8CA712730050C29104E093F9 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
20:43:01.0837 10396 PGEffect - ok
20:43:02.0040 10396 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
20:43:02.0056 10396 pla - ok
20:43:02.0118 10396 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:43:02.0134 10396 PlugPlay - ok
20:43:02.0212 10396 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:43:02.0227 10396 PNRPAutoReg - ok
20:43:02.0290 10396 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:43:02.0290 10396 PNRPsvc - ok
20:43:02.0352 10396 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:43:02.0368 10396 PolicyAgent - ok
20:43:02.0430 10396 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:43:02.0430 10396 PptpMiniport - ok
20:43:02.0493 10396 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
20:43:02.0493 10396 Processor - ok
20:43:02.0539 10396 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
20:43:02.0555 10396 ProfSvc - ok
20:43:02.0571 10396 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:43:02.0571 10396 ProtectedStorage - ok
20:43:02.0649 10396 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:43:02.0649 10396 PSched - ok
20:43:02.0773 10396 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:43:02.0789 10396 ql2300 - ok
20:43:02.0805 10396 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:43:02.0805 10396 ql40xx - ok
20:43:02.0883 10396 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
20:43:02.0883 10396 QWAVE - ok
20:43:02.0898 10396 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:43:02.0898 10396 QWAVEdrv - ok
20:43:02.0945 10396 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:43:02.0945 10396 RasAcd - ok
20:43:02.0992 10396 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
20:43:02.0992 10396 RasAuto - ok
20:43:03.0101 10396 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:43:03.0101 10396 Rasl2tp - ok
20:43:03.0132 10396 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
20:43:03.0132 10396 RasMan - ok
20:43:03.0179 10396 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:43:03.0179 10396 RasPppoe - ok
20:43:03.0257 10396 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:43:03.0257 10396 RasSstp - ok
20:43:03.0351 10396 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:43:03.0351 10396 rdbss - ok
20:43:03.0413 10396 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:43:03.0413 10396 RDPCDD - ok
20:43:03.0460 10396 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:43:03.0460 10396 rdpdr - ok
20:43:03.0491 10396 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:43:03.0491 10396 RDPENCDD - ok
20:43:03.0538 10396 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:43:03.0538 10396 RDPWD - ok
20:43:03.0709 10396 [ 02B918C898D017B428536AE77BCAAB25 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:43:03.0709 10396 RegSrvc - ok
20:43:03.0756 10396 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:43:03.0756 10396 RemoteAccess - ok
20:43:03.0834 10396 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:43:03.0850 10396 RemoteRegistry - ok
20:43:03.0897 10396 [ ABF0D2EAE54A7F071A54BD2828C982CA ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
20:43:03.0912 10396 rimspci - ok
20:43:03.0975 10396 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
20:43:03.0975 10396 RimUsb - ok
20:43:04.0021 10396 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
20:43:04.0021 10396 RimVSerPort - ok
20:43:04.0068 10396 [ E8ED37D472EB5211C0A34FD63A3971E9 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys
20:43:04.0068 10396 rixdpcie - ok
20:43:04.0146 10396 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
20:43:04.0146 10396 ROOTMODEM - ok
20:43:04.0177 10396 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
20:43:04.0193 10396 RpcLocator - ok
20:43:04.0302 10396 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
20:43:04.0318 10396 RpcSs - ok
20:43:04.0380 10396 RSELSVC - ok
20:43:04.0411 10396 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:43:04.0411 10396 rspndr - ok
20:43:04.0489 10396 [ C3CF92F7983477FF305BD1AFAE411152 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
20:43:04.0505 10396 RTHDMIAzAudService - ok
20:43:04.0567 10396 [ 3E800D0DD24C5CFE61A1D71A3F6FEAB9 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
20:43:04.0567 10396 RTL8169 - ok
20:43:04.0614 10396 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
20:43:04.0614 10396 SamSs - ok
20:43:04.0677 10396 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:43:04.0677 10396 sbp2port - ok
20:43:04.0770 10396 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:43:04.0770 10396 SCardSvr - ok
20:43:04.0895 10396 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
20:43:04.0911 10396 Schedule - ok
20:43:04.0973 10396 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:43:04.0973 10396 SCPolicySvc - ok
20:43:05.0051 10396 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:43:05.0051 10396 sdbus - ok
20:43:05.0098 10396 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:43:05.0113 10396 SDRSVC - ok
20:43:05.0145 10396 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:43:05.0160 10396 secdrv - ok
20:43:05.0191 10396 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
20:43:05.0191 10396 seclogon - ok
20:43:05.0301 10396 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
20:43:05.0316 10396 SENS - ok
20:43:05.0332 10396 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:43:05.0332 10396 Serenum - ok
20:43:05.0379 10396 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
20:43:05.0379 10396 Serial - ok
20:43:05.0410 10396 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:43:05.0425 10396 sermouse - ok
20:43:05.0535 10396 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
20:43:05.0550 10396 SessionEnv - ok
20:43:05.0581 10396 [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:43:05.0581 10396 sffdisk - ok
20:43:05.0628 10396 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:43:05.0628 10396 sffp_mmc - ok
20:43:05.0659 10396 [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:43:05.0659 10396 sffp_sd - ok
20:43:05.0722 10396 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:43:05.0722 10396 sfloppy - ok
20:43:05.0800 10396 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:43:05.0815 10396 ShellHWDetection - ok
20:43:05.0878 10396 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:43:05.0893 10396 SiSRaid2 - ok
20:43:06.0003 10396 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:43:06.0003 10396 SiSRaid4 - ok
20:43:06.0127 10396 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:43:06.0143 10396 SkypeUpdate - ok
20:43:06.0424 10396 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
20:43:06.0455 10396 slsvc - ok
20:43:06.0564 10396 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:43:06.0564 10396 SLUINotify - ok
20:43:06.0627 10396 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:43:06.0627 10396 Smb - ok
20:43:06.0720 10396 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:43:06.0720 10396 SNMPTRAP - ok
20:43:06.0767 10396 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
20:43:06.0767 10396 spldr - ok
20:43:06.0861 10396 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
20:43:06.0861 10396 Spooler - ok
20:43:07.0063 10396 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
20:43:07.0063 10396 SRTSP - ok
20:43:07.0141 10396 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
20:43:07.0141 10396 SRTSPX - ok
20:43:07.0204 10396 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
20:43:07.0219 10396 srv - ok
20:43:07.0297 10396 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:43:07.0297 10396 srv2 - ok
20:43:07.0313 10396 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:43:07.0313 10396 srvnet - ok
20:43:07.0375 10396 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:43:07.0391 10396 SSDPSRV - ok
20:43:07.0469 10396 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:43:07.0469 10396 SstpSvc - ok
20:43:07.0531 10396 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
20:43:07.0547 10396 stisvc - ok
20:43:07.0563 10396 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:43:07.0563 10396 swenum - ok
20:43:07.0656 10396 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
20:43:07.0656 10396 swprv - ok
20:43:07.0734 10396 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:43:07.0734 10396 Symc8xx - ok
20:43:07.0828 10396 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
20:43:07.0828 10396 SymDS - ok
20:43:07.0921 10396 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
20:43:07.0921 10396 SymEFA - ok
20:43:08.0015 10396 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:43:08.0015 10396 SymEvent - ok
20:43:08.0140 10396 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
20:43:08.0140 10396 SymIRON - ok
20:43:08.0249 10396 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
20:43:08.0249 10396 SYMTDIv - ok
20:43:08.0311 10396 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:43:08.0311 10396 Sym_hi - ok
20:43:08.0358 10396 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:43:08.0358 10396 Sym_u3 - ok
20:43:08.0452 10396 [ 6DE6D25CC1D1CB694A1CC3E4604DB644 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:43:08.0452 10396 SynTP - ok
20:43:08.0592 10396 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
20:43:08.0608 10396 SysMain - ok
20:43:08.0686 10396 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:43:08.0686 10396 TabletInputService - ok
20:43:08.0748 10396 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:43:08.0764 10396 TapiSrv - ok
20:43:08.0826 10396 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
20:43:08.0842 10396 TBS - ok
20:43:09.0201 10396 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:43:09.0216 10396 Tcpip - ok
20:43:09.0247 10396 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:43:09.0279 10396 Tcpip6 - ok
20:43:09.0341 10396 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:43:09.0341 10396 tcpipreg - ok
20:43:09.0403 10396 [ D45586A9FACB2C9708B10E491EF748A6 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:43:09.0403 10396 tdcmdpst - ok
20:43:09.0466 10396 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:43:09.0466 10396 TDPIPE - ok
20:43:09.0497 10396 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:43:09.0497 10396 TDTCP - ok
20:43:09.0575 10396 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:43:09.0575 10396 tdx - ok
20:43:09.0606 10396 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:43:09.0606 10396 TermDD - ok
20:43:09.0700 10396 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
20:43:09.0700 10396 TermService - ok
20:43:09.0747 10396 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
20:43:09.0762 10396 Themes - ok
20:43:09.0825 10396 [ E29A0C5C97615BFFAB138ABE308733B4 ] Thpdrv C:\Windows\system32\DRIVERS\thpdrv.sys
20:43:09.0825 10396 Thpdrv - ok
20:43:09.0840 10396 [ D6704940A79831B4FA271D7A73D291D8 ] Thpevm C:\Windows\system32\DRIVERS\Thpevm.SYS
20:43:09.0840 10396 Thpevm - ok
20:43:09.0918 10396 [ 8F0D1A0C9C25CC61E193C0C22422A9EA ] Thpsrv C:\Windows\system32\ThpSrv.exe
20:43:09.0934 10396 Thpsrv - ok
20:43:09.0965 10396 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
20:43:09.0965 10396 THREADORDER - ok
20:43:10.0105 10396 [ 22BC804EFE155F54252F389B0781D7F2 ] TNaviSrv C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:43:10.0105 10396 TNaviSrv - ok
20:43:10.0152 10396 [ 19AF3434564E973BC232BBD629EC2BF6 ] TODDSrv C:\Windows\system32\TODDSrv.exe
20:43:10.0152 10396 TODDSrv - ok
20:43:10.0246 10396 [ 7810E3A97E004CD2641FD3FC5D2A62CD ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:43:10.0246 10396 TosCoSrv - ok
20:43:10.0386 10396 [ 947B552AF9371BB52AB1E8C184D1A3D0 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:43:10.0386 10396 TOSHIBA eco Utility Service - ok
20:43:10.0495 10396 [ B67C69E2982769355D9FF76DD3B2A0FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:43:10.0495 10396 TOSHIBA HDD SSD Alert Service - ok
20:43:10.0605 10396 [ DD50A5DF5F7B29FDB6B5FEA728C43DC3 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
20:43:10.0605 10396 tos_sps64 - ok
20:43:10.0667 10396 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
20:43:10.0683 10396 TrkWks - ok
20:43:10.0745 10396 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:43:10.0745 10396 TrustedInstaller - ok
20:43:10.0839 10396 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:43:10.0839 10396 tssecsrv - ok
20:43:10.0917 10396 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:43:10.0917 10396 tunmp - ok
20:43:10.0963 10396 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:43:10.0963 10396 tunnel - ok
20:43:11.0041 10396 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:43:11.0041 10396 TVALZ - ok
20:43:11.0119 10396 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:43:11.0119 10396 uagp35 - ok
20:43:11.0197 10396 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:43:11.0197 10396 udfs - ok
20:43:11.0260 10396 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:43:11.0275 10396 UI0Detect - ok
20:43:11.0307 10396 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:43:11.0307 10396 uliagpkx - ok
20:43:11.0369 10396 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:43:11.0369 10396 uliahci - ok
20:43:11.0416 10396 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:43:11.0431 10396 UlSata - ok
20:43:11.0478 10396 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:43:11.0478 10396 ulsata2 - ok
20:43:11.0541 10396 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:43:11.0556 10396 umbus - ok
20:43:11.0697 10396 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
20:43:11.0697 10396 upnphost - ok
20:43:11.0806 10396 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:43:11.0806 10396 usbaudio - ok
20:43:11.0868 10396 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:43:11.0868 10396 usbccgp - ok
20:43:11.0962 10396 [ F8E1CB9B8DA037219953190CD2ACA358 ] USBCCID C:\Windows\system32\DRIVERS\usbccid.sys
20:43:11.0962 10396 USBCCID - ok
20:43:12.0009 10396 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:43:12.0009 10396 usbcir - ok
20:43:12.0071 10396 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:43:12.0071 10396 usbehci - ok
20:43:12.0133 10396 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:43:12.0133 10396 usbhub - ok
20:43:12.0180 10396 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:43:12.0180 10396 usbohci - ok
20:43:12.0274 10396 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:43:12.0274 10396 usbprint - ok
20:43:12.0321 10396 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:43:12.0321 10396 usbscan - ok
20:43:12.0367 10396 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:43:12.0367 10396 USBSTOR - ok
20:43:12.0445 10396 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:43:12.0461 10396 usbuhci - ok
20:43:12.0523 10396 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:43:12.0523 10396 usbvideo - ok
20:43:12.0555 10396 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
20:43:12.0570 10396 UxSms - ok
20:43:12.0711 10396 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
20:43:12.0726 10396 vds - ok
20:43:12.0773 10396 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:43:12.0773 10396 vga - ok
20:43:12.0804 10396 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:43:12.0804 10396 VgaSave - ok
20:43:12.0835 10396 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
20:43:12.0835 10396 viaide - ok
20:43:12.0945 10396 [ A96AFA32F73C065B9AE9D1554CDD00FC ] VNA C:\Windows\system32\DRIVERS\vna.sys
20:43:12.0945 10396 VNA - ok
20:43:13.0007 10396 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:43:13.0023 10396 volmgr - ok
20:43:13.0147 10396 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:43:13.0163 10396 volmgrx - ok
20:43:13.0257 10396 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:43:13.0257 10396 volsnap - ok
20:43:13.0303 10396 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:43:13.0303 10396 vsmraid - ok
20:43:13.0522 10396 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
20:43:13.0537 10396 VSS - ok
20:43:13.0615 10396 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
20:43:13.0631 10396 W32Time - ok
20:43:13.0693 10396 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:43:13.0693 10396 WacomPen - ok
20:43:13.0756 10396 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:43:13.0756 10396 Wanarp - ok
20:43:13.0771 10396 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:43:13.0771 10396 Wanarpv6 - ok
20:43:13.0834 10396 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:43:13.0834 10396 wcncsvc - ok
20:43:13.0881 10396 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:43:13.0896 10396 WcsPlugInService - ok
20:43:13.0927 10396 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
20:43:13.0927 10396 Wd - ok
20:43:14.0068 10396 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:43:14.0083 10396 Wdf01000 - ok
20:43:14.0161 10396 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:43:14.0161 10396 WdiServiceHost - ok
20:43:14.0161 10396 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:43:14.0177 10396 WdiSystemHost - ok
20:43:14.0239 10396 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
20:43:14.0255 10396 WebClient - ok
20:43:14.0302 10396 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:43:14.0302 10396 Wecsvc - ok
20:43:14.0364 10396 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:43:14.0380 10396 wercplsupport - ok
20:43:14.0411 10396 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
20:43:14.0411 10396 WerSvc - ok
20:43:14.0489 10396 [ B5C348B265178FB9EE55ADDB3929485D ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:43:14.0489 10396 winachsf - ok
20:43:14.0505 10396 WinHttpAutoProxySvc - ok
20:43:14.0614 10396 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:43:14.0614 10396 Winmgmt - ok
20:43:14.0692 10396 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
20:43:14.0723 10396 WinRM - ok
20:43:14.0817 10396 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:43:14.0817 10396 Wlansvc - ok
20:43:14.0895 10396 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:43:14.0895 10396 WmiAcpi - ok
20:43:14.0988 10396 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:43:15.0004 10396 wmiApSrv - ok
20:43:15.0066 10396 WMPNetworkSvc - ok
20:43:15.0129 10396 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:43:15.0144 10396 WPCSvc - ok
20:43:15.0222 10396 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:43:15.0222 10396 WPDBusEnum - ok
20:43:15.0300 10396 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:43:15.0300 10396 WpdUsb - ok
20:43:15.0472 10396 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:43:15.0487 10396 ws2ifsl - ok
20:43:15.0487 10396 WSearch - ok
20:43:15.0581 10396 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:43:15.0581 10396 WUDFRd - ok
20:43:15.0643 10396 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:43:15.0643 10396 wudfsvc - ok
20:43:15.0675 10396 ================ Scan global ===============================
20:43:15.0799 10396 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:43:15.0877 10396 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:43:15.0893 10396 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:43:15.0971 10396 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
20:43:15.0987 10396 [Global] - ok
20:43:15.0987 10396 ================ Scan MBR ==================================
20:43:16.0002 10396 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:43:17.0094 10396 \Device\Harddisk0\DR0 - ok
20:43:17.0094 10396 ================ Scan VBR ==================================
20:43:17.0141 10396 [ 2EB2E07F6BD0F81AC27E7E0F5C694158 ] \Device\Harddisk0\DR0\Partition1
20:43:17.0157 10396 \Device\Harddisk0\DR0\Partition1 - ok
20:43:17.0157 10396 ============================================================
20:43:17.0157 10396 Scan finished
20:43:17.0157 10396 ============================================================
20:43:17.0172 9488 Detected object count: 0
20:43:17.0172 9488 Actual detected object count: 0



______________________________________________________________________________________________________________________


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 21:05:30
-----------------------------
21:05:30.016 OS Version: Windows x64 6.0.6002 Service Pack 2
21:05:30.016 Number of processors: 2 586 0x1706
21:05:30.016 ComputerName: BRIAN-PC UserName: Brian
21:05:31.561 Initialze error C0000061 - driver not loaded
21:05:46.661 AVAST engine defs: 13012001
21:05:53.416 Service scanning
21:06:35.817 Modules scanning
21:06:35.817 Disk 0 trace - called modules:
21:06:35.817
21:06:36.987 AVAST engine scan C:\Windows
21:06:41.215 AVAST engine scan C:\Windows\system32
21:08:33.628 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:08:40.383 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:10:05.122 AVAST engine scan C:\Windows\system32\drivers
21:10:18.226 AVAST engine scan C:\Users\Brian
21:12:51.293 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR_notes.txt"




________________________________________________________________________________________________________________________



C:\Users\All Users\Microsoft\Windows\DRM\4FCF.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\4FCF.tmp.dat Win32/Olmarik.AYD trojan
C:\Users\All Users\Microsoft\Windows\DRM\502D.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\7DFC.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\7DFC.tmp.dat a variant of Win32/Kryptik.ACVP trojan
C:\Users\All Users\Microsoft\Windows\DRM\7E1C.tmp Win64/Olmarik.AH trojan
C:\ProgramData\Microsoft\Windows\DRM\4FCF.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\4FCF.tmp.dat Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\502D.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\7DFC.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\7DFC.tmp.dat a variant of Win32/Kryptik.ACVP trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\7E1C.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdddfgddgdcdggbgbdbgddedhgedb\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdddfgddgdcdggbgbdbgddedhgedb\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Temp\0.6307827680376493 a variant of Win32/Kryptik.AGVE trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Temp\124kkk290347.exe probably a variant of Win32/Kryptik.AICW trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Temp\50BB.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Temp\7EB9.tmp a variant of Win32/Kryptik.ACVP trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Local\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-14e11503 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-28f2774c a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-2c565972 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-3581d5ce a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-37748bf9 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-5d909c5b a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Roaming\dvebcf.dll a variant of Win32/Medfos.IO trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Brian\AppData\Roaming\ntocdn.dll a variant of Win32/Medfos.IP trojan cleaned by deleting - quarantined
C:\Users\Brian\AppData\Roaming\wmriav.dll a variant of Win32/Medfos.IP trojan cleaned by deleting - quarantined
Operating memory multiple threats

#4 narenxp

Posted 21 January 2013 - 11:05 AM

Please run aswMBR again and post the new log.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 DChopeless

Posted 21 January 2013 - 06:25 PM

aswmbr - I have tried running several times in both regular and safe modes. An error appears and shuts my computer down and I cannot get anything other than the incomplete report. Is there a better program to run or something different I can do? Thanks.

__________________________________________________________________________
Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Brian :: BRIAN-PC [administrator]

Protection: Enabled

1/21/2013 11:43:44 AM
mbam-log-2013-01-21 (11-43-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461267
Time elapsed: 3 hour(s), 54 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Brian\Local Settings\Application Data\PlayVolcanoSA (Adware.HotBar.PV) -> Quarantined and deleted successfully.
C:\Users\Brian\Local Settings\Application Data\PlayVolcanoSA\bin (Adware.HotBar.PV) -> Quarantined and deleted successfully.
C:\Users\Brian\Local Settings\Application Data\PlayVolcanoSA\bin\1.0.10.0 (Adware.HotBar.PV) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\PlayVolcanoSA (Adware.HotBar.PV) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\PlayVolcanoSA\bin (Adware.HotBar.PV) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\PlayVolcanoSA\bin\1.0.10.0 (Adware.HotBar.PV) -> Quarantined and deleted successfully.

Files Detected: 16
C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3406868651-1759848540-379657387-1000\$c75d2e208295c66ce7dbdd1ad177b5eb\n (Trojan.0Access) -> Delete on reboot.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\MP3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\Shopping.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\ShoppingD.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\VOD.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\PlayVolcanoSA\bin\1.0.10.0\PlayVolcanoSAHook.dll (Adware.HotBar.GF) -> Quarantined and deleted successfully.
C:\Users\Brian\Local Settings\Application Data\PlayVolcanoSA\bin\1.0.10.0\PlayVolcanoSAHook.dll (Adware.HotBar.PV) -> Quarantined and deleted successfully.

(end)
________________________________________________________________________________________________

mini toolbox

MiniToolBox by Farbar Version:10-01-2013
Ran by Brian (administrator) on 21-01-2013 at 12:41:48
Running from "C:\Users\Brian\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Realtek RTL8168D/8111D Family PCI-E GBE NIC = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Brian-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.va.comcast.net.

Ethernet adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For SSL Network Extender #2
Physical Address. . . . . . . . . : 54-A8-B4-C8-7C-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For SSL Network Extender
Physical Address. . . . . . . . . : 54-A9-BF-AF-D8-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.va.comcast.net.
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-1E-65-39-67-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6135:fda6:7df0:615f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 21, 2013 11:06:58 AM
Lease Expires . . . . . . . . . . : Monday, January 28, 2013 11:06:57 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 285220453
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-F2-7F-C1-00-1E-33-CE-B9-92
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E GBE NIC
Physical Address. . . . . . . . . : 00-1E-33-CE-B9-92
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.va.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A4A44328-599E-4D3F-A9DD-FBA8BAA2259C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EF480F3B-AB6A-4BD4-B0F1-795E8E3A1A03}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{55E0ED12-F1BF-45B8-A7C6-08BA7BE6F58C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [173.194.43.40] with 32 bytes of data:
Reply from 173.194.43.40: bytes=32 time=22ms TTL=54
Reply from 173.194.43.40: bytes=32 time=54ms TTL=54

Ping statistics for 173.194.43.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 54ms, Average = 38ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=209ms TTL=49
Reply from 98.139.183.24: bytes=32 time=240ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 209ms, Maximum = 240ms, Average = 224ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
14 ...54 a8 b4 c8 7c 10 ...... Check Point Virtual Network Adapter For SSL Network Extender #2
13 ...54 a9 bf af d8 0c ...... Check Point Virtual Network Adapter For SSL Network Extender
11 ...00 1e 65 39 67 f4 ...... Intel® WiFi Link 5100 AGN
10 ...00 1e 33 ce b9 92 ...... Realtek RTL8168D/8111D Family PCI-E GBE NIC
1 ........................... Software Loopback Interface 1
18 ...00 00 00 00 00 00 00 e0 isatap.hsd1.va.comcast.net.
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 isatap.{A4A44328-599E-4D3F-A9DD-FBA8BAA2259C}
15 ...00 00 00 00 00 00 00 e0 isatap.{EF480F3B-AB6A-4BD4-B0F1-795E8E3A1A03}
16 ...00 00 00 00 00 00 00 e0 isatap.{55E0ED12-F1BF-45B8-A7C6-08BA7BE6F58C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.5 25
10.0.0.0 255.255.255.0 On-link 10.0.0.5 281
10.0.0.5 255.255.255.255 On-link 10.0.0.5 281
10.0.0.255 255.255.255.255 On-link 10.0.0.5 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::6135:fda6:7df0:615f/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2013 00:48:34 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x15f0, application start time 0xnslookup.exe0.

Error: (01/21/2013 00:47:44 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x1ed8, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:45:38 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x14f8, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:44:14 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x18e8, application start time 0xnslookup.exe0.

Error: (01/21/2013 00:43:52 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x1d54, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:40:25 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x189c, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:35:54 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x15f0, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:32:12 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0xa60, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:29:59 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x1fb0, application start time 0xsvchost.exe0.

Error: (01/21/2013 00:26:34 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7567a57d,
process id 0x1ff4, application start time 0xsvchost.exe0.


System errors:
=============
Error: (01/21/2013 11:14:04 AM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator

Error: (01/21/2013 11:10:07 AM) (Source: DCOM) (User: )
Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

Error: (01/21/2013 11:08:47 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/21/2013 11:08:47 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/21/2013 11:08:47 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/21/2013 09:53:03 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/21/2013 09:53:03 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/21/2013 09:53:03 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/21/2013 09:53:03 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/21/2013 09:53:03 AM) (Source: Service Control Manager) (User: )
Description: AFD
BHDrvx64
ccHP
DfsC
eeCtrl
IDSVia64
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
SRTSPX
SymIRON
SYMTDIv
tdx
Wanarpv6


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-01-21 12:24:15.845
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-21 12:24:15.365
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-21 12:24:14.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-21 12:24:14.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-21 12:24:13.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-21 12:24:12.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120317.002\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-10-15 07:37:54.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-10-15 07:37:54.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-10-15 07:37:53.935
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-10-15 07:37:53.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
ATI Catalyst Install Manager (Version: 3.0.723.0)
ccc-utility64 (Version: 2009.0421.2132.36832)
Dolby Control Center (Version: 2.2.1)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 12.04.0000)
Intel® Matrix Storage Manager
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Octoshape add-in for Adobe Flash Player
PaperPort Image Printer (Version: 1.00.0000)
PlayReady PC runtime (Version: 1)
Synaptics Pointing Device Driver (Version: 12.2.10.0)
TOSHIBA Disc Creator (Version: 2.0.1.3 for x64)
TOSHIBA eco Utility (Version: 1.0.2.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.0.4.64)
TOSHIBA HDD Protection (Version: 2.1.2.9)
TOSHIBA HDD/SSD Alert (Version: 3.0.64.0)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.00)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2 for x64)
TOSHIBA SD Memory Utilities (Version: 1.9.1.12)
TOSHIBA Software Modem
TOSHIBA Value Added Package (Version: 1.2.8.64)
Windows Driver Package - Dekart (DEKART38) SmartCardReader (11/21/2007 1.0.5.9) (Version: 11/21/2007 1.0.5.9)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (Version: 11/19/2006 1.0.0.3)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 4093.05 MB
Available physical RAM: 1650.51 MB
Total Pagefile: 8377.38 MB
Available Pagefile: 5667.62 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.93 MB

========================= Partitions: =====================================

1 Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:371.47 GB) NTFS
2 Drive d: (Nov 06 2012) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\BRIAN-PC

Administrator Brian Guest

========================= Restore Points ==================================

10-12-2012 08:54:52 Scheduled Checkpoint
13-12-2012 08:01:11 Windows Update
27-12-2012 22:39:18 Windows Update
09-01-2013 08:01:45 Windows Update

**** End of log ****

____________________________________________________________________________________________

Farbar Service

Farbar Service Scanner Version: 16-01-2013
Ran by Brian (administrator) on 21-01-2013 at 12:59:52
Running from "C:\Users\Brian\Desktop\Computer Medicine"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-10-20 09:16] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 00:48] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 15:38] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 17:39] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-10-20 09:16] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-10-20 09:17] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-10-20 09:15] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-10-20 09:16] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 07:27] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

_________________________________________________________________________________________________

adware cleaner

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 16:51:14
# Updated 21/01/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Brian - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Brian\Desktop\Computer Medicine\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\gtsg4ku8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2249 octets] - [21/01/2013 16:51:14]

########## EOF - C:\AdwCleaner[S1].txt - [2309 octets] ##########

____________________________________________________________________________________

Junkware Removal

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.7 (01.21.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Brian on Mon 01/21/2013 at 17:06:27.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
dvebcf REG_SZ rundll32.exe "C:\Users\Brian\AppData\Roaming\dvebcf.dll",PszEscapeMenuStringA




~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/21/2013 at 17:41:40.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

______________________________________________________________________________

RKILL

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/21/2013 05:48:35 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\TODDSrv.exe (PID: 2572) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Brian\Desktop\rkill\rkill-01-21-2013-05-48-42.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\L\76603ac3 [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$c75d2e208295c66ce7dbdd1ad177b5eb\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3406868651-1759848540-379657387-1000\$c75d2e208295c66ce7dbdd1ad177b5eb\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3406868651-1759848540-379657387-1000\$c75d2e208295c66ce7dbdd1ad177b5eb\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3406868651-1759848540-379657387-1000\$c75d2e208295c66ce7dbdd1ad177b5eb\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3406868651-1759848540-379657387-1000\$c75d2e208295c66ce7dbdd1ad177b5eb\U\ [ZA Dir]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 01/21/2013 05:50:15 PM
Execution time: 0 hours(s), 1 minute(s), and 39 seconds(s)


#6 narenxp


Posted 21 January 2013 - 09:18 PM

Now run RKILL given in previous instructions and post the new log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

Edited by narenxp, 21 January 2013 - 11:31 PM.


#7 DChopeless


Posted 21 January 2013 - 10:06 PM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/21/2013 09:37:47 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\TODDSrv.exe (PID: 3260) [WD-HEUR]
* C:\Users\Brian\Desktop\Computer Medicine\RogueKiller.exe (PID: 1420) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 01/21/2013 09:38:13 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

___________________________________________________________________________________


Farbar Service Scanner Version: 16-01-2013
Ran by Brian (administrator) on 21-01-2013 at 21:53:39
Running from "C:\Users\Brian\Desktop\Computer Medicine\Fix 2"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-10-20 09:16] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 00:48] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 15:38] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 17:39] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-10-20 09:16] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-10-20 09:17] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-10-20 09:15] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-10-20 09:16] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 07:27] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-20 09:17] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****


_____________________________________________________________________________________________________________________

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "Skytel" "Realtek Voice Manager" "Realtek Semiconductor Corp." "c:\program files\realtek\audio\hda\skytel.exe"
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "ThpSrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TosSENotify" "TosSENotify.exe.mui" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossenotify.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "BlackBerryAutoUpdate" "RIM Auto Update" "Research In Motion Limited" "c:\program files (x86)\common files\research in motion\auto update\rimautoupdate.exe"
+ "BrMfcWnd" "Brother Status Monitor MFC Application" "Brother Industries, Ltd." "c:\program files (x86)\brother\brmfcmon\brmfcwnd.exe"
+ "cfFncEnabler.exe" "cfFncEnabler" "Toshiba Corporation" "c:\program files (x86)\toshiba\configfree\cffncenabler.exe"
+ "CLMLServer" "CyberLink MediaLibray Service" "CyberLink" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\clmlsvc.exe"
+ "ControlCenter3" "ControlCenter Program" "Brother Industries, Ltd." "c:\program files (x86)\brother\controlcenter3\brctrcen.exe"
+ "IndexSearch" "PaperPort IndexSearch" "Nuance Communications, Inc." "c:\program files (x86)\scansoft\paperport\indexsearch.exe"
+ "masqform.exe" "PureEdge™ Viewer" "PureEdge™ Solutions Inc." "c:\program files (x86)\pureedge\viewer 6.5\masqform.exe"
+ "NDSTray.exe" "ConfigFree Task Tray Menu" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\ndstray.exe"
+ "nmapp" "Network Magic Application" "Pure Networks, Inc." "c:\program files (x86)\pure networks\network magic\nmapp.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "Nuance Communications, Inc." "c:\program files (x86)\scansoft\paperport\pptd40nt.exe"
+ "PCMAgent" "CyberLink PowerCinema Resident Program" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\pcmagent.exe"
+ "PPort11reminder" "SSEreg MFC Application" "Nuance Communications, Inc." "c:\program files (x86)\scansoft\paperport\ereg\ereg.exe"
+ "SSBkgdUpdate" "SSBkgdUpdate" "Nuance Communications, Inc." "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\update\realsched.exe"
+ "TUSBSleepChargeSrv" "TOSHIBA USB Sleep and Charge Service" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba usb sleep and charge utility\tusbsleepchargesrv.exe"
+ "TWebCamera" "" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba web camera application\twebcamera.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\brian\appdata\local\google\update\googleupdate.exe"
+ "WMPNSCFG" "" "" "File not found: C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\17.9.0.12\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\17.9.0.12\navshext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Network Magic Folders" "nmspce Dynamic Link Library" "Pure Networks, Inc." "c:\program files (x86)\pure networks\network magic\nmspce2.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Network Magic Folders" "nmspce Dynamic Link Library" "Pure Networks, Inc." "c:\program files (x86)\pure networks\network magic\nmspce2.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\17.9.0.12\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Network Magic Folders" "nmspce Dynamic Link Library" "Pure Networks, Inc." "c:\program files (x86)\pure networks\network magic\nmspce2.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\17.9.0.12\navshext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "Symantec Intrusion Prevention" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\17.9.0.12\ipsbho.dll"
+ "Symantec NCO BHO" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\17.9.0.12\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\17.9.0.12\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\GoogleUpdateTaskUserS-1-5-21-3406868651-1759848540-379657387-1000Core" "Google Installer" "Google Inc." "c:\users\brian\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3406868651-1759848540-379657387-1000UA" "Google Installer" "Google Inc." "c:\users\brian\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - Brian" "Windows Calendar" "Microsoft Corporation" "c:\program files\windows calendar\wincal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\RealUpgradeLogonTaskS-1-5-21-3406868651-1759848540-379657387-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3406868651-1759848540-379657387-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\Symantec\Symantec Error Analyzer 17.9.0.12" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\17.9.0.12\symerr.exe"
+ "\{196BA001-A5F6-4F4B-95DE-589B27A4A3E4}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agr64svc.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "camsvc" "" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba web camera application\twebcamerasrv.exe"
+ "ConfigFree Gadget Service" "It's called by ConfigFree Gadget (x64)" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfprocsrvc.exe"
+ "ConfigFree Service" "You can't stop this service, if you want to keep ConfigFree functionality fine." "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfsvcs.exe"
+ "cpextender" "" "Check Point Software Technologies" "c:\program files (x86)\checkpoint\ssl network extender\slimsvc.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "gupdate1ca2c1f21a22820" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lssrvc.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\17.9.0.12\ccsvchst.exe"
+ "nmraapache" "Provides support for the Net2Go web service" "Pure Networks, Inc." "c:\program files (x86)\pure networks\network magic\webserver\bin\nmraapache.exe"
+ "nmservice" "Enables Network Magic services such as file sharing, printer sharing, and network monitoring. This service must be running for Network Magic to function properly." "Pure Networks, Inc." "c:\program files (x86)\pure networks\network magic\nmsrvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "RSELSVC" "This service is the purpose of changing modem region" "TOSHIBA Corporation" "c:\program files\toshiba\rselect\rselsvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Thpsrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TNaviSrv" "TOSHIBA Navi Support Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tnavisrv.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TosSmartSrv.exe" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm64.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20120317.002\bhdrvx64.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccHP" "Common Client Hash Provider Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\cchpx64.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g6032e.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "FwLnk" "TOSHIBA Firmware Linkage 64-bit Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\fwlnk.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20120320.002\idsvia64.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20120320.018\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20120320.018\ex64.sys"
+ "NETw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "rimspci" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimspe64.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb_amd64.sys"
+ "RimVSerPort" "RIM Virtual Serial Driver" "Research in Motion Ltd" "c:\windows\system32\drivers\rimserial_amd64.sys"
+ "rixdpcie" "RICOH PCIe XD Driver" "REDC" "c:\windows\system32\drivers\rixdpe64.sys"
+ "RTHDMIAzAudService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rthdmivx.sys"
+ "RTL8169" "Realtek 8136/8168/8169 NDIS6 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rtlh64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\srtspx64.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\ironx64.sys"
+ "SYMTDIv" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1109000.00c\symtdiv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "Thpdrv" "TOSHIBA HDD Protection Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpdrv.sys"
+ "Thpevm" "TOSHIBA HDD Protection - Shock Sensor Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpevm.sys"
+ "tos_sps64" "tos_sps2" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps64.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "VNA" "" "Check Point Software Technologies" "c:\windows\system32\drivers\vna.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.dvacm" "Ulead DV Audio ACM Driver" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\vio\dvacm.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.mpegacm" "Ulead MPEG1 Layer2 Audio ACM Driver" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\mpegacm.acm"
+ "msacm.ulmp3acm" "Ulead MP3 codec engine" "Ulead systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulmp3acm.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "32KHz to 16KHz Audio Decimator" "QCP DirectShow Filters" "Qualcomm, Inc." "c:\program files (x86)\verizon\verizon media manager\3ivx\zqcp.ax"
+ "3ivx AAC Audio Encoder" "3ivx 6.0.0 DirectShow Audio Encoder" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsaudioencoder.ax"
+ "3ivx AC3 Audio Encoder" "3ivx 6.0.0 DirectShow Audio Encoder" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsaudioencoder.ax"
+ "3ivx ADTS Parser" "3ivx 6.0.0 DirectShow ADTS Parser" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsadtsparser.ax"
+ "3ivx Audio Decoder" "3ivx 6.0.0 DirectShow Audio Decoder" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsaudiodecoder.ax"
+ "3ivx Decoder Filter" "3ivx 6.0.0 DirectShow Video Decoder" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsvideodecoder.ax"
+ "3ivx Media Muxer" "3ivx 6.0.0 DirectShow Media Muxer" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsmediamux.ax"
+ "3ivx Media Splitter" "3ivx 6.0.0 DirectShow Media Splitter" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsmediasplitter.ax"
+ "3ivx MPEG-4 Video Encoder" "3ivx 6.0.0 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsvideoencoder.ax"
+ "3ivx Soda Audio Sink" "3ivx 6.0.0 DirectShow Soda Audio Sink" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdssodaaudiosink.ax"
+ "3ivx Soda Audio Source2" "3ivx 6.0.0 DirectShow Soda Audio Source2" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdssodaaudiosource2.ax"
+ "3ivx Soda Generic Sink" "3ivx 6.0.0 DirectShow Soda Generic Sink" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdssodagenericsink.ax"
+ "3ivx Soda Generic Source" "3ivx 6.0.0 GeneircSource" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsgenericsource.ax"
+ "3ivx Soda Video Sink2" "3ivx 6.0.0 DirectShow Soda Video Sink2" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdssodavideosink2.ax"
+ "3ivx Soda Video Source2" "3ivx 6.0.0 DirectShow Soda Video Source2" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdssodavideosource2.ax"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "CyberLink Audio Commercial Cut Analyzer" "CLAudCM" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\claudcm.ax"
+ "CyberLink Audio Commercial Cut Analyzer" "CLAudCM" "Cyberlink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\claudcm.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\claud.ax"
+ "CyberLink Audio Decoder (PCM45)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\claud.ax"
+ "CyberLink Audio Effect (PCM45)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\claunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\claursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\claudspa.ax"
+ "CyberLink Audio Wizard (PCM45)" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\claudwizard.ax"
+ "CyberLink AudioCD Filter (PCM45)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\claudiocd.ax"
+ "CyberLink Demultiplexer (PCM45)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\cldemuxer.ax"
+ "CyberLink DVD Navigator (PCM45)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clnavx.ax"
+ "CyberLink H.264/AVC Decoder" "CyberLink 264 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\cl264dec.ax"
+ "CyberLink Line21 Decoder Filter (PCM45)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clline21.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clsplter.ax"
+ "CyberLink Scene Detect Filter 2" "CLScnDt2" "訊連科技" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\clscndt2.dll"
+ "CyberLink SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\clsshot.ax"
+ "Cyberlink SubTitle Importor (PCM45)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\cltlmsplter.ax"
+ "CyberLink UltraSpeed/SVRT Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\cledtdemuxer.ax"
+ "CyberLink Video Effect (PCM45)" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clvidfx.ax"
+ "CyberLink Video Regulator" "Video Regulator" "Cyberlink" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\clrgl.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\clvsd.ax"
+ "CyberLink Video/SP Decoder (PCM45)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\clvsd.ax"
+ "CyberLink Video/SP Decoder (ShEX)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\climagevsd.ax"
+ "Dib Output" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dibreceive.ax"
+ "DivX Video Encoder (3ivx)" "3ivx 6.0.0 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsvideoencoder.ax"
+ "Dump" "WavDump Dynamic Link Library" "" "c:\program files (x86)\verizon\verizon media manager\release\wavbuffer.ax"
+ "DV ACM V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\idmf.ax"
+ "IDM Filter" "idmf" "Cyberlink" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\video\idmf.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MP3 Dest" "Mp3Dest Dynamic Link Library" "" "c:\program files (x86)\verizon\verizon media manager\release\mp3dest.ax"
+ "PCM Time Stretching Filter" "QCP DirectShow Filters" "Qualcomm, Inc." "c:\program files (x86)\verizon\verizon media manager\3ivx\zqcp.ax"
+ "QCP Codec Filter" "QCP DirectShow Filters" "Qualcomm, Inc." "c:\program files (x86)\verizon\verizon media manager\3ivx\zqcp.ax"
+ "QCP File Generator" "QCP DirectShow Filters" "Qualcomm, Inc." "c:\program files (x86)\verizon\verizon media manager\3ivx\zqcp.ax"
+ "QCP File Parser" "QCP DirectShow Filters" "Qualcomm, Inc." "c:\program files (x86)\verizon\verizon media manager\3ivx\zqcp.ax"
+ "QCP Mixer Filter" "QCP DirectShow Filters" "Qualcomm, Inc." "c:\program files (x86)\verizon\verizon media manager\3ivx\zqcp.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "Samsung Video Encoder (3ivx)" "3ivx 6.0.0 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files (x86)\verizon\verizon media manager\3ivx\3ivxdsvideoencoder.ax"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files (x86)\toshiba\toshiba dvd player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files (x86)\toshiba\toshiba dvd player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\twavconv.ax"
+ "Ulead AMR Audio Decoder" "MP4 AMR Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uladamr.ax"
+ "Ulead Audio Dual Channel Filter" "Ulead Audio Dual Channel Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DV Scene Detect" "ulDvScDt" "Ulead system Inc." "c:\program files (x86)\common files\ulead systems\capture\uldvscdt.ax"
+ "Ulead DV SubTitle Filter" "DV SubTitle Filter" "Microsoft Corporation" "c:\program files (x86)\common files\ulead systems\mpeg\dvtranssubtitle.ax"
+ "Ulead DV Writer" "ulDVWriter" "Corel" "c:\program files (x86)\common files\ulead systems\capture\uldvrite.ax"
+ "Ulead DVB Parser" "Ulead DVB Parser Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvbparser.ax"
+ "Ulead DVD Audio Decoder 2" "Audio Decoder" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Navigator" "DVD Navigator filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\dvd\uleaddvdnavigator.ax"
+ "Ulead DVD Parser" "ulDVDParser" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdparser.ax"
+ "Ulead DVD Video decoder 2" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulasync.ax"
+ "ULead File Writer" "File Dump Filter" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uldump.ax"
+ "Ulead H264 Decoder" "uldsh264" "uleadivi" "c:\program files (x86)\common files\ulead systems\mpeg\uldsh264.ax"
+ "ULead Infinite Pin Tee" "Ulead Infinite Tee Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead MPEG Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Encoder" "MPEG Encoder and Muxer" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer" "MPEG Muxer" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter" "ULead Mpeg I/II Splitter" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Transcoder" "ulMPGTrans" "Ulead com" "c:\program files (x86)\common files\ulead systems\mpeg\ulmpgtrans.ax"
+ "Ulead MPEG Video Decoder" "MPEG Video and Audio Decoder" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead MPEG-4 ASP Video Decoder" "MP4 ASP Video Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulaspvdmp4.ax"
+ "Ulead MPEG-4 Encoder" "MP4 Encoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulmp4enc.ax"
+ "Ulead MPEG-4 Splitter" "MP4 Splitter Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulspmp4.ax"
+ "Ulead MPEG-4 Video Decoder" "MP4 Video Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulvdmp4.ax"
+ "Ulead Ogg Parser" "ulOggParserFilter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uloggparserfilter.ax"
+ "Ulead OggVorbis Decoder" "ulOggVorbisDecoderFilter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax"
+ "Ulead OggVorbis Encoder" "ulOggVorbisEncoderFilter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax"
+ "Ulead Push Source Filter" "Ulead Push Source Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulpushsource.ax"
+ "Ulead Sub-Picture Push Source Filter" "Ulead Sub-Picture Push Source Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulsubpicpushsource.ax"
+ "Ulead Video Deinterlace Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\deinterlace.ax"
+ "WAV Dest" "WavDest Dynamic Link Library" "" "c:\program files (x86)\verizon\verizon media manager\release\wavdest.ax"
+ "WAV Dest" "" "" "c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\clml\wavdest.ax"
+ "{E6F55EFE-D283-4264-B12D-561DA9935685}" "WavParse Dynamic Link Library" "" "c:\program files (x86)\verizon\verizon media manager\release\wavparser.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"

#8 narenxp


Posted 21 January 2013 - 11:31 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 DChopeless


Posted 21 January 2013 - 11:47 PM

Thank you so much for your advice and help with this virus removal.

#10 narenxp


Posted 21 January 2013 - 11:59 PM

You're most welcome :)



