Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WmiPrvSE.exe showing frequent spikes in CPU


  • This topic is locked This topic is locked
33 replies to this topic

#1 Irenicis

Irenicis

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 20 May 2013 - 09:20 PM

Hi people,

 

My laptop has this problem whereby it'll lag for a few moment and is especially annoying when I'm typing word documents. Initially, I do not know what caused this problem but upon further investigation, I realised from the Task Manager that the lag may have come from this WmiPrvSE.exe which shoots up to about 15% of CPU usage every few seconds. 

 

Also, my laptop seems to be running slower than last time.

 

Malwarebyte did not detect anything so I'm here hoping I could get some help. I hope that my case isn't very serious! Thanks all!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by gaoyi.lee.2012 at 10:11:30 on 2013-05-21
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.65.1033.18.3232.1423 [GMT 8:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\ThpSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\TECO\TecoHook.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Heulab\HeuCampus\HeuCampus\HeuCampus.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smu.edu.sg/
BHO: TOSHIBA Fingerprint Utility Automatic Password Input: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\fingerprint utility\browseraddin\TFPUPWDBankBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Google Update] "c:\users\gaoyi.lee.2012\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Copy] "c:\users\gaoyi.lee.2012\appdata\roaming\copy\CopyAgent.exe"
mRun: [TOSDCR] c:\program files\toshiba\passwordutility\TOSDCR.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [BatteryManager] c:\program files\toshiba\power saver\TBatmgrTrayIcon.EXE
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [IFXSPMGT] "c:\program files\infineon\security platform software\ifxspmgt.exe" /NotifyLogon
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFPUService] c:\program files\toshiba\fingerprint utility\TFPUTaskMonitor.exe /start
mRun: [TFPUPWDBankService] c:\program files\toshiba\fingerprint utility\browseraddin\TFPUPWDBank.exe /start
mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SRS Premium Sound 3D] "c:\program files\srs labs\srs control panel\srspanel.exe"  /f="c:\program files\srs labs\srs control panel\SRS_Premium_Sound_PS3D.zip" /h
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TPSCMain] c:\program files\toshiba\peakshift\TPSCMain.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [TSleepSrv] c:\program files\toshiba\toshiba sleep utility\TSleepSrv.exe
mRun: [TSUScheduler] c:\program files\toshiba\sync utility\TosSyncScheduler.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HeuCampus] "c:\program files\heulab\heucampus\HeuCampusStarter.exe" -t 5
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\Pccntmon.exe" -HideWindow
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Copy] "c:\users\gaoyi.lee.2012\appdata\roaming\copy\CopyAgent.exe"
StartupFolder: c:\users\gaoyil~1.201\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - c:\program files\toshiba\bulletinboard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\toshiba\bulletinboard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A99EC259-D94C-4FED-8B76-580294B73A05} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A99EC259-D94C-4FED-8B76-580294B73A05}\75C414E4D235D455 : DHCPNameServer = 202.161.42.5 202.161.42.25
TCP: Interfaces\{A99EC259-D94C-4FED-8B76-580294B73A05}\C47495723702E4564777F627B6 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-11-7 15224]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-2-27 13592]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2011-3-23 32384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-7-19 39712]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-12 163328]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-3-1 509448]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-3-8 104208]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2011-6-7 186296]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2011-6-7 47032]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2012-7-31 6956504]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2012-7-12 76288]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-7-19 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2010-10-20 264504]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2010-10-20 36664]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-1-27 935144]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-11-7 275320]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-6 280576]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-2-27 348440]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-2-27 792856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2011-11-10 46080]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\Netwsn00.sys [2012-3-12 10339840]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2012-7-12 33616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 21888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-7-12 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-12 52224]
.
=============== Created Last 30 ================
.
2013-05-21 02:04:47 -------- d-----r- c:\users\gaoyi.lee.2012\Copy
2013-05-21 02:03:34 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-05-21 02:03:15 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\roaming\Copy
2013-05-18 01:23:41 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a0aba997-8c99-455c-8913-1492432c8f48}\mpengine.dll
2013-05-17 16:55:00 -------- d-----w- c:\program files\CCleaner
2013-05-17 12:02:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-17 01:34:04 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\roaming\Malwarebytes
2013-05-17 01:33:47 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 01:33:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-17 01:33:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-17 01:33:21 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\local\Programs
2013-05-16 02:33:51 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 02:33:51 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-16 02:33:51 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-16 02:33:01 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 02:33:01 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 02:32:57 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-04-23 23:51:55 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 11:21:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 11:21:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 18:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 05:08:12 981504 ----a-w- c:\windows\system32\wininet.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-11 07:44:44 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 07:44:44 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-28 11:38:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 10:12:45.69 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 25 May 2013 - 09:10 PM

Just also want to add on that it's taking quite a long while to start up, it'll load for a really long time after I key in my pw for logging in.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 25 May 2013 - 09:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/495269 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 26 May 2013 - 10:11 AM

Hey there
 
My laptop has this problem whereby it'll lag for a few moment and is especially annoying when I'm typing word documents. Initially, I do not know what caused this problem but upon further investigation, I realised from the Task Manager that the lag may have come from this WmiPrvSE.exe which shoots up to about 17% of CPU usage every few seconds. 
 
Also, my laptop seems to be running slower than last time and the lag is quite terrible at times. It takes slightly longer to start up now, with the waiting especially long after I key in my PW to the account.
 
Malwarebyte, TrendMicro OfficeScan and Windows Defender did not detect anything so I'm here hoping I could get some help. I hope that my case isn't very serious! Thanks all!
 
Finally, I do not have the windows CD because the laptop is bought through an institution.
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by gaoyi.lee.2012 at 23:04:17 on 2013-05-26
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.65.1033.18.3232.1575 [GMT 8:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\gaoyi.lee.2012\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\TECO\TecoHook.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Heulab\HeuCampus\HeuCampus\HeuCampus.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smu.edu.sg/
BHO: TOSHIBA Fingerprint Utility Automatic Password Input: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\fingerprint utility\browseraddin\TFPUPWDBankBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Google Update] "c:\users\gaoyi.lee.2012\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\gaoyi.lee.2012\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [TOSDCR] c:\program files\toshiba\passwordutility\TOSDCR.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [BatteryManager] c:\program files\toshiba\power saver\TBatmgrTrayIcon.EXE
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [IFXSPMGT] "c:\program files\infineon\security platform software\ifxspmgt.exe" /NotifyLogon
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFPUService] c:\program files\toshiba\fingerprint utility\TFPUTaskMonitor.exe /start
mRun: [TFPUPWDBankService] c:\program files\toshiba\fingerprint utility\browseraddin\TFPUPWDBank.exe /start
mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SRS Premium Sound 3D] "c:\program files\srs labs\srs control panel\srspanel.exe"  /f="c:\program files\srs labs\srs control panel\SRS_Premium_Sound_PS3D.zip" /h
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TPSCMain] c:\program files\toshiba\peakshift\TPSCMain.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [TSleepSrv] c:\program files\toshiba\toshiba sleep utility\TSleepSrv.exe
mRun: [TSUScheduler] c:\program files\toshiba\sync utility\TosSyncScheduler.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HeuCampus] "c:\program files\heulab\heucampus\HeuCampusStarter.exe" -t 5
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\Pccntmon.exe" -HideWindow
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Copy] "c:\users\gaoyi.lee.2012\appdata\roaming\copy\CopyAgent.exe"
StartupFolder: c:\users\gaoyil~1.201\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - c:\program files\toshiba\bulletinboard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\toshiba\bulletinboard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A99EC259-D94C-4FED-8B76-580294B73A05} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A99EC259-D94C-4FED-8B76-580294B73A05}\75C414E4D235D455 : DHCPNameServer = 202.161.42.5 202.161.42.25
TCP: Interfaces\{A99EC259-D94C-4FED-8B76-580294B73A05}\C47495723702E4564777F627B6 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-11-7 15224]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-1-27 935144]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-11-7 275320]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-6 280576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2012-3-1 141312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 21888]
.
=============== Created Last 30 ================
.
2013-05-25 01:48:22 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{980dd62e-e301-4f96-9223-9fd7d3b7bef7}\mpengine.dll
2013-05-22 04:02:22 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\local\Spotify
2013-05-22 04:01:45 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\roaming\Spotify
2013-05-21 02:04:47 -------- d-----r- c:\users\gaoyi.lee.2012\Copy
2013-05-21 02:03:34 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-05-21 02:03:15 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\roaming\Copy
2013-05-17 16:55:00 -------- d-----w- c:\program files\CCleaner
2013-05-17 12:02:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-17 01:34:04 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\roaming\Malwarebytes
2013-05-17 01:33:47 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 01:33:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-17 01:33:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-17 01:33:21 -------- d-----w- c:\users\gaoyi.lee.2012\appdata\local\Programs
2013-05-16 02:33:51 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 02:33:51 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-16 02:33:51 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-16 02:33:01 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 02:33:01 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 02:32:57 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-05-15 11:21:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 11:21:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 18:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 05:08:12 981504 ----a-w- c:\windows\system32\wininet.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-11 07:44:44 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 07:44:44 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-28 11:38:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:05:26.47 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 30/7/2012 2:30:40 PM
System Uptime: 26/5/2013 10:42:03 PM (1 hours ago)
.
Motherboard: TOSHIBA | | PORTEGE R930
Processor: Intel® Core™ i7-3520M CPU @ 2.90GHz | Socket BGA1023 | 2901/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 292 GiB total, 228.477 GiB free.
D: is FIXED (NTFS) - 292 GiB total, 280.065 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP167: 17/4/2013 9:09:55 AM - Windows Update
RP168: 24/4/2013 7:46:47 AM - Windows Update
RP169: 24/4/2013 11:02:43 AM - Windows Update
RP170: 28/4/2013 12:15:54 AM - Windows Update
RP171: 3/5/2013 10:57:22 PM - Windows Update
RP172: 8/5/2013 12:25:35 AM - Windows Update
RP173: 16/5/2013 10:28:28 AM - Windows Update
RP174: 17/5/2013 1:07:27 AM - Windows Update
RP175: 17/5/2013 7:57:53 PM - Installed Java 7 Update 21
RP176: 22/5/2013 10:08:45 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.7) MUI
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
AuthenTec WinBio FingerPrint Software
Bass Audio Decoder (remove only)
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
ChartNexus version 3.3.5
Cisco Systems VPN Client 5.0.00.0340
Copy
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayLink Core Software
Dropbox
EndNote X4
Exam Browser
Google Chrome
HeuCampus
Infineon TPM Professional Package
Intel PROSet Wireless
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 21
Java Auto Updater
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
PDF Settings
Photo Common
Photo Gallery
PL-2303 USB-to-Serial
PlayReady PC Runtime x86
QuickTime
RealPlayer
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RealUpgrade 1.0
ResearchSoft Direct Export Helper
Respondus LockDown Browser
RICOH Media Driver v2.15.17.02
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.1
SMU WifiHelper v1.4.3.1
SMUVPN
Spotify
SRS Premium Sound Control Panel
swMSM
The Elder Scrolls V - Skyrim version 1.0
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Fingerprint Utility
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Peak Shift Control
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Security Assist
TOSHIBA Sleep Utility
TOSHIBA Sync Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Trend Micro OfficeScan Client
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Canvas Agent
Virtual Canvas NEC Utility
VLC media player 1.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
26/5/2013 10:43:56 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
26/5/2013 10:42:30 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain SMUSTU due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
26/5/2013 10:17:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DisplayLinkManager service to connect.
26/5/2013 10:17:15 AM, Error: Service Control Manager [7000] - The DisplayLinkManager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/5/2013 10:17:14 AM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
25/5/2013 7:58:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
25/5/2013 12:56:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TmProxy service.
25/5/2013 12:54:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
25/5/2013 12:54:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
25/5/2013 12:54:03 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25/5/2013 12:54:03 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25/5/2013 12:54:03 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25/5/2013 1:02:07 AM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
23/5/2013 12:28:29 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
23/5/2013 12:28:29 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
23/5/2013 12:28:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
23/5/2013 10:11:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
22/5/2013 6:02:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DisplayLinkService service.
21/5/2013 9:25:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Software Protection Platform service to connect.
21/5/2013 9:25:21 AM, Error: Service Control Manager [7000] - The Office Software Protection Platform service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/5/2013 8:30:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================

Attached Files


Edited by Oh My, 29 May 2013 - 08:47 AM.
Posted Attach.txt


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 29 May 2013 - 08:44 AM

Greetings Irenicis and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible. While I am doing that please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST) in Normal or Safe Mode

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Attach.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 29 May 2013 - 10:57 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-05-2013
Ran by gaoyi.lee.2012 (administrator) on 29-05-2013 23:52:40
Running from C:\Users\gaoyi.lee.2012\Desktop
Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\SpTna.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\gaoyi.lee.2012\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(HeuLab Pte Ltd) C:\Program Files\Heulab\HeuCampus\HeuCampus\HeuCampus.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
(Google Inc.) C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\gaoyi.lee.2012\Desktop\FRST.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [542592 2012-03-02] ()
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [854400 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [231336 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10963560 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [IFXSPMGT] "C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe" /NotifyLogon [1107232 2009-08-04] (Infineon Technologies AG)
HKLM\...\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TFPUService] C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe /start [880000 2012-03-16] (TOSHIBA)
HKLM\...\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe /start [976256 2012-03-16] (TOSHIBA)
HKLM\...\Run: [USB3MON] "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [612256 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1378224 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [469424 2012-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [259960 2011-07-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h [212281 2012-03-22] ()
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [612256 2012-04-11] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] %ProgramFiles%\TOSHIBA\PeakShift\TPSCMain.exe [636856 2012-02-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [32168 2012-04-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM\...\Run: [TSUScheduler] %ProgramFiles%\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HeuCampus] "C:\Program Files\Heulab\HeuCampus\HeuCampusStarter.exe" -t 5 [24576 2009-12-09] (HeuLab Pte Ltd)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot [202256 2012-07-16] (RealNetworks, Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow [849192 2010-02-05] (Trend Micro Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Google Update] "C:\Users\gaoyi.lee.2012\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-03] (Google Inc.)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\gaoyi.lee.2012\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-22] (Spotify Ltd)
MountPoints2: {1c8b04fc-1207-11e2-aedc-e8e0b7874461} - F:\AUTORUN_BANDLUXE.EXE /EjectCDROM
MountPoints2: {39ee1d97-cc03-11e1-bab3-b24d84098f86} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
Startup: C:\Users\gaoyi.lee.2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smu.edu.sg/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1&ucc=SG&dcc=SG&opt=0
BHO: TOSHIBA Fingerprint Utility Automatic Password Input - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll (TOSHIBA)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
CHR Extension: (TOSHIBA Fingerprint Utility Automatic Password Input) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog\2.0.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0
CHR Extension: (Better History) - C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0
 
========================== Services (Whitelisted) =================
 
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-01] (Intel Corporation)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-03-08] (Intel® Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [186296 2011-06-07] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [47032 2011-06-07] (TOSHIBA CORPORATION)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-02] (Intel Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [6956504 2012-07-31] (DisplayLink Corp.)
R2 IFXSpMgtSrv; C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe [1107232 2009-08-04] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-28] ()
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [241936 2012-04-17] ()
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1385768 2010-02-02] (Trend Micro Inc.)
R2 PersonalSecureDriveService; C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe [214304 2009-07-19] (Infineon Technologies AG)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-12-01] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1337488 2010-02-02] (Trend Micro Inc.)
R2 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689416 2010-01-07] (Trend Micro Inc.)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [239552 2012-02-28] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112552 2012-04-11] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [702336 2012-03-16] (TOSHIBA Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2326288 2012-04-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [141312 2012-03-01] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [141312 2012-03-01] (Windows ® Win 7 DDK provider)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [21888 2012-07-30] (http://libusb-win32.sourceforge.net)
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [275320 2012-07-31] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15224 2012-07-31] (DisplayLink Corp.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [283304 2012-02-22] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10339840 2012-03-12] (Intel Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39712 2009-07-19] (Infineon Technologies AG)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-25] (REDC)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204448 2010-05-24] (Realtek Semiconductor Corp.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90256 2010-01-07] (Trend Micro Inc.)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-29 23:52 - 2013-05-29 23:52 - 00000000 ____D C:\FRST
2013-05-29 23:50 - 2013-05-29 23:51 - 01355491 ____A (Farbar) C:\Users\gaoyi.lee.2012\Desktop\FRST.exe
2013-05-25 01:54 - 2013-05-25 01:54 - 00001000 ____A C:\Users\Public\Desktop\ChartNexus.lnk
2013-05-22 12:02 - 2013-05-25 09:31 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Local\Spotify
2013-05-22 12:02 - 2013-05-22 12:02 - 00001823 ____A C:\Users\gaoyi.lee.2012\Desktop\Spotify.lnk
2013-05-22 12:01 - 2013-05-25 23:28 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Spotify
2013-05-21 10:04 - 2013-05-22 10:05 - 00000000 ___RD C:\Users\gaoyi.lee.2012\Copy
2013-05-21 10:03 - 2013-05-22 10:05 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Copy
2013-05-21 10:03 - 2013-05-21 10:03 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2013-05-18 00:55 - 2013-05-18 00:55 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 20:02 - 2013-05-17 20:02 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-17 20:02 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-17 20:02 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-17 20:02 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-17 19:59 - 2013-05-17 20:02 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-17 09:34 - 2013-05-17 09:34 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Malwarebytes
2013-05-17 09:33 - 2013-05-17 09:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-17 09:33 - 2013-05-17 09:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-17 09:33 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-16 10:33 - 2013-03-19 12:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 10:33 - 2013-03-19 11:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 10:33 - 2013-02-27 13:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 10:33 - 2013-02-27 12:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 10:33 - 2013-02-27 12:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 10:33 - 2013-02-27 12:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 10:33 - 2013-02-27 12:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 10:32 - 2013-04-10 11:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 10:30 - 2013-05-06 21:04 - 06033408 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 10:30 - 2013-04-10 13:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 10:30 - 2013-04-10 13:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 10:30 - 2013-04-10 13:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 10:30 - 2013-04-10 13:07 - 01231872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 10:30 - 2013-04-10 13:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 10:30 - 2013-04-10 13:03 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 10:30 - 2013-04-10 13:03 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 10:30 - 2013-04-10 13:03 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 10:30 - 2013-04-10 13:02 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 10:30 - 2013-04-10 13:02 - 02078208 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 10:30 - 2013-04-10 13:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 12:30 - 2013-05-14 12:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
 
==================== One Month Modified Files and Folders ========
 
2013-05-29 23:52 - 2013-05-29 23:52 - 00000000 ____D C:\FRST
2013-05-29 23:51 - 2013-05-29 23:50 - 01355491 ____A (Farbar) C:\Users\gaoyi.lee.2012\Desktop\FRST.exe
2013-05-29 23:44 - 2012-08-03 08:41 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-68437UA.job
2013-05-29 23:44 - 2012-07-12 18:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-29 22:00 - 2012-07-13 07:17 - 01758468 ____A C:\Windows\WindowsUpdate.log
2013-05-29 20:51 - 2009-07-14 12:34 - 00015264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-29 20:51 - 2009-07-14 12:34 - 00015264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-29 20:39 - 2012-07-12 17:26 - 00000816 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-05-29 20:37 - 2012-07-12 18:50 - 00056452 ____A C:\Windows\setupact.log
2013-05-29 20:37 - 2009-07-14 12:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-29 18:38 - 2012-12-23 02:30 - 00001712 ____A C:\Windows\TMFilter.log
2013-05-29 14:24 - 2012-07-12 17:26 - 00000818 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-05-28 00:06 - 2012-08-03 08:41 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-68437Core.job
2013-05-25 23:28 - 2013-05-22 12:01 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Spotify
2013-05-25 09:31 - 2013-05-22 12:02 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Local\Spotify
2013-05-25 01:54 - 2013-05-25 01:54 - 00001000 ____A C:\Users\Public\Desktop\ChartNexus.lnk
2013-05-25 01:54 - 2012-12-11 15:06 - 00000000 ____D C:\Program Files\ChartNexus
2013-05-25 01:42 - 2012-08-28 20:23 - 00000000 ___RD C:\Users\gaoyi.lee.2012\Dropbox
2013-05-25 01:42 - 2012-08-28 20:21 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Dropbox
2013-05-25 01:33 - 2012-12-08 21:44 - 00000000 ____D C:\Users\gaoyi.lee.2012\ChartNexus
2013-05-24 23:53 - 2012-07-16 12:00 - 00000000 ____D C:\Windows\System32\Adobe
2013-05-22 12:04 - 2012-08-03 08:32 - 00000000 ___RD C:\Users\gaoyi.lee.2012\Desktop\Shortcuts
2013-05-22 12:02 - 2013-05-22 12:02 - 00001823 ____A C:\Users\gaoyi.lee.2012\Desktop\Spotify.lnk
2013-05-22 10:05 - 2013-05-21 10:04 - 00000000 ___RD C:\Users\gaoyi.lee.2012\Copy
2013-05-22 10:05 - 2013-05-21 10:03 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Copy
2013-05-21 10:04 - 2012-07-30 13:42 - 00000000 ____D C:\users\gaoyi.lee.2012
2013-05-21 10:03 - 2013-05-21 10:03 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2013-05-20 23:41 - 2012-12-25 10:51 - 00443952 ____A C:\Windows\System32\perfh012.dat
2013-05-20 23:41 - 2012-12-25 10:51 - 00128236 ____A C:\Windows\System32\perfc012.dat
2013-05-20 23:41 - 2012-12-06 02:15 - 00431764 ____A C:\Windows\System32\perfh011.dat
2013-05-20 23:41 - 2012-12-06 02:15 - 00129466 ____A C:\Windows\System32\perfc011.dat
2013-05-20 23:41 - 2012-07-30 22:24 - 00671202 ____A C:\Windows\System32\perfh01F.dat
2013-05-20 23:41 - 2012-07-30 22:24 - 00147250 ____A C:\Windows\System32\perfc01F.dat
2013-05-20 23:41 - 2012-07-12 16:38 - 03545474 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 00:55 - 2013-05-18 00:55 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 20:07 - 2012-07-12 18:49 - 00002000 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-17 20:02 - 2013-05-17 20:02 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-17 20:02 - 2013-05-17 19:59 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-17 20:02 - 2012-12-11 11:01 - 00000000 ____D C:\Program Files\Java
2013-05-17 12:08 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-17 09:35 - 2012-12-05 23:48 - 00000000 ____D C:\Users\gaoyi.lee.2012\SMU Academic Files
2013-05-17 09:34 - 2013-05-17 09:34 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Malwarebytes
2013-05-17 09:33 - 2013-05-17 09:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-17 09:33 - 2013-05-17 09:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-17 08:15 - 2009-07-14 12:33 - 01753600 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\th-TH
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\ro-RO
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-17 08:12 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\bg-BG
2013-05-17 01:14 - 2012-07-16 10:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-17 01:10 - 2012-07-16 11:00 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 19:21 - 2012-07-12 18:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 19:21 - 2012-07-12 18:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-15 15:51 - 2013-02-25 22:27 - 00000000 ____D C:\Users\gaoyi.lee.2012\Trading & Investment
2013-05-15 15:49 - 2012-07-30 14:36 - 00000448 ____A C:\Windows\System32\config\netlogon.ftl
2013-05-15 14:02 - 2012-07-16 12:05 - 00017822 ____A C:\Windows\cfgall.ini
2013-05-14 12:30 - 2013-05-14 12:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-05-14 12:30 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-13 23:25 - 2013-01-03 23:24 - 00000000 ____D C:\Users\gaoyi.lee.2012\AppData\Roaming\Audacity
2013-05-06 21:04 - 2013-05-16 10:30 - 06033408 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 00:43 - 2013-03-20 11:22 - 00010354 ____A C:\Users\gaoyi.lee.2012\Desktop\Sales of tickets.xlsx
2013-05-02 02:06 - 2012-07-16 10:40 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2012-07-13 07:14
 
==================== End Of Log ============================
 
and the next one...
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2013
Ran by gaoyi.lee.2012 at 2013-05-29 23:54:12 Run:
Running from C:\Users\gaoyi.lee.2012\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
32 Bit HP CIO Components Installer (Version: 3.1.1)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
ALPS Touch Pad Driver (Version: 7.6.303.214)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
AuthenTec WinBio FingerPrint Software (Version: 3.2.3.1157)
Bass Audio Decoder (remove only)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.03(T))
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.01)
ChartNexus version 3.3.5 (Version: 3.3.5)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
Copy (Version: 1.28.657.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayLink Core Software (Version: 6.3.40660.0)
Dropbox (Version: 1.6.18)
EndNote X4 (Version: 14.0.0.4845)
Exam Browser (Version: 3.2.4.0)
Google Chrome (Version: 27.0.1453.94)
HeuCampus (Version: 3.8.1)
Infineon TPM Professional Package (Version: 3.6.000)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.35342)
Intel® Management Engine Components (Version: 8.0.3.1427)
Intel® Network Connections Drivers (Version: 16.8)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 8.15.10.2712)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.1.0170)
Intel® Rapid Storage Technology (Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.220)
Intel® PROSet/Wireless WiFi Software (Version: 15.01.1500.1034)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 10.7.0.21)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
PDF Settings (Version: 1.0)
Photo Gallery (Version: 16.4.3505.0912)
PL-2303 USB-to-Serial (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
QuickTime (Version: 7.73.80.64)
RealPlayer
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6121)
Realtek High Definition Audio Driver (Version: 6.0.1.6591)
RealUpgrade 1.0 (Version: 1.0.0)
ResearchSoft Direct Export Helper
Respondus LockDown Browser (Version: 1.02.0001)
RICOH Media Driver v2.15.17.02 (Version: 2.15.17.02)
Skype™ 6.1 (Version: 6.1.129)
SMU WifiHelper v1.4.3.1
SMUVPN (Version: 1.0.0.0)
Spotify (Version: 0.9.0.133.gd18ed589)
SRS Premium Sound Control Panel (Version: 1.12.1800)
swMSM (Version: 12.0.0.1)
The Elder Scrolls V - Skyrim version 1.0 (Version: 1.0)
TOSHIBA Assist (Version: 4.2.3.1)
TOSHIBA Bulletin Board (Version: 2.1.19.32)
TOSHIBA ConfigFree (Version: 8.0.43)
TOSHIBA eco Utility (Version: 1.3.21.0)
TOSHIBA Face Recognition (Version: 3.1.18.32)
TOSHIBA Fingerprint Utility (Version: 2.0.0.3209)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.14)
TOSHIBA Media Controller (Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.7)
TOSHIBA PC Health Monitor (Version: 1.7.17.0)
TOSHIBA Peak Shift Control (Version: 3.01.00.0)
TOSHIBA Recovery Media Creator (Version: 2.1.7.52020010)
TOSHIBA ReelTime (Version: 1.7.22.32)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.4.01)
TOSHIBA Security Assist (Version: 2.0.10)
TOSHIBA Sleep Utility (Version: 1.4.0024.000101)
TOSHIBA Sync Utility (Version: 2.0.3090)
TOSHIBA Value Added Package (Version: 1.6.0027.320202)
TOSHIBA Web Camera Application (Version: 2.0.3.33)
Trend Micro OfficeScan Client
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Canvas Agent (Version: 2.8.0.0)
Virtual Canvas NEC Utility (Version: 1.3.0)
VLC media player 1.0.5 (Version: 1.0.5)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Zoom Player (remove only)
 
==================== Restore Points  =========================
 
24-04-2013 03:02:43 Windows Update
27-04-2013 16:15:54 Windows Update
03-05-2013 14:57:22 Windows Update
07-05-2013 16:25:35 Windows Update
16-05-2013 02:28:28 Windows Update
16-05-2013 17:07:27 Windows Update
17-05-2013 11:57:53 Installed Java 7 Update 21
22-05-2013 02:08:45 Windows Update
29-05-2013 02:19:28 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2013 10:00:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error: (05/29/2013 10:00:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
 
Error: (05/29/2013 10:00:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2013 00:11:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007
 
Error: (05/29/2013 00:11:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5007
 
Error: (05/29/2013 00:06:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2013 00:06:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error: (05/29/2013 00:06:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009
 
Error: (05/29/2013 00:06:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2013 00:06:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995
 
 
System errors:
=============
Error: (05/29/2013 08:47:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (05/29/2013 08:39:08 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SMUSTU)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (05/29/2013 08:39:07 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (05/29/2013 08:37:50 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain SMUSTU due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (05/29/2013 02:11:20 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain SMUSTU due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (05/29/2013 00:10:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DisplayLinkService service.
 
Error: (05/29/2013 00:10:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VaultSvc service.
 
Error: (05/29/2013 10:26:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (05/29/2013 10:09:44 AM) (Source: Microsoft-Windows-GroupPolicy) (User: SMUSTU)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (05/29/2013 10:09:43 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
Error: (05/29/2013 10:00:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error: (05/29/2013 10:00:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
 
Error: (05/29/2013 10:00:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2013 00:11:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007
 
Error: (05/29/2013 00:11:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5007
 
Error: (05/29/2013 00:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2013 00:06:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error: (05/29/2013 00:06:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009
 
Error: (05/29/2013 00:06:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2013 00:06:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 3232.17 MB
Available physical RAM: 1477.38 MB
Total Pagefile: 6460.57 MB
Available Pagefile: 4516.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.31 MB
 
==================== Drives ================================
 
Drive c: (TI30846500A) (Fixed) (Total:292.34 GB) (Free:229.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:292.34 GB) (Free:280.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 64B6FDF2)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=292 GB) - (Type=05)
Partition 4: (Not Active) - (Size=10 GB) - (Type=17)
 
==================== End Of Log ============================

 



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 29 May 2013 - 11:40 AM

Greetings,

Thank you for posting the information. I would like us to check the validity of 2 files and also produce a report. Please do this for me.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\system32\wbem\wmiprvse.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
virustotal.jpg

===================================================


Running a CMD script

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type cmd and press Enter
  • Right click on cmd above and select Run as Administrator
  • Type the following and press Enter

tasklist /M /fi "imagename eq wmiprvse.exe" >%userprofile%\desktop\report.txt

  • Copy and paste the contents of report.txt which will be located on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Virustotal links (2)
  • Report.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 29 May 2013 - 08:59 PM

Hi again Gary, thanks for replying!

 

1st file:

https://www.virustotal.com/en/file/ce6538c905204b99b681b2a806be6d45ccce1012cd058cea2e36e1e59a991f7e/analysis/1369878601/

 

2nd file:

https://www.virustotal.com/en/file/cbe2392792d209e15e44ac29e906ffdd5fbf6eed8bab0d97d66e109ab2c5c56e/analysis/1369878898/

 

Report.txt:
 
Image Name                     PID Modules                                     
========================= ======== ============================================
WmiPrvSE.exe                  1696 N/A                                         
WmiPrvSE.exe                  5288 N/A                                         
 

 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 29 May 2013 - 09:06 PM

Greetings,

You are most welcome. :)

That looks fine. Please run these for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Combofix log
  • Any change?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 30 May 2013 - 12:00 AM

Hi!
 
# AdwCleaner v2.301 - Logfile created 05/30/2013 at 11:16:20
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : gaoyi.lee.2012 - GAOYILEE2012
# Boot Mode : Normal
# Running from : C:\Users\gaoyi.lee.2012\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.94
 
File : C:\Users\gaoyi.lee.2012\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [905 octets] - [30/05/2013 11:16:20]
 
########## EOF - C:\AdwCleaner[S1].txt - [964 octets] ##########
 
Next,
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Enterprise x86
Ran by gaoyi.lee.2012 on Thu 30/05/2013 at 11:37:04.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 30/05/2013 at 11:39:09.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
and finally,
 
ComboFix 13-05-30.01 - gaoyi.lee.2012 30/05/2013  12:36:16.1.4 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.65.1033.18.3232.2014 [GMT 8:00]
Running from: c:\users\gaoyi.lee.2012\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-30  )))))))))))))))))))))))))))))))
.
.
2013-05-30 04:48 . 2013-05-30 04:49 -------- d-----w- c:\users\gaoyi.lee.2012\AppData\Local\temp
2013-05-30 04:48 . 2013-05-30 04:48 -------- d-----w- c:\users\R930\AppData\Local\temp
2013-05-30 04:48 . 2013-05-30 04:48 -------- d-----w- c:\users\gaoyilee2012\AppData\Local\temp
2013-05-30 04:48 . 2013-05-30 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-30 03:36 . 2013-05-30 03:36 -------- d-----w- c:\windows\ERUNT
2013-05-30 03:36 . 2013-05-30 03:36 -------- d-----w- C:\JRT
2013-05-29 15:52 . 2013-05-29 15:52 -------- d-----w- C:\FRST
2013-05-29 02:21 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABA7A0FF-E70E-414D-84C7-30F8295B7467}\mpengine.dll
2013-05-22 04:02 . 2013-05-25 01:31 -------- d-----w- c:\users\gaoyi.lee.2012\AppData\Local\Spotify
2013-05-22 04:01 . 2013-05-25 15:28 -------- d-----w- c:\users\gaoyi.lee.2012\AppData\Roaming\Spotify
2013-05-21 02:04 . 2013-05-22 02:05 -------- d-----r- c:\users\gaoyi.lee.2012\Copy
2013-05-21 02:03 . 2013-05-22 02:05 -------- d-----w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy
2013-05-17 16:55 . 2013-05-17 16:55 -------- d-----w- c:\program files\CCleaner
2013-05-17 12:02 . 2013-05-17 12:02 -------- d-----w- c:\program files\Common Files\Java
2013-05-17 12:02 . 2013-04-03 21:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-17 01:34 . 2013-05-17 01:34 -------- d-----w- c:\users\gaoyi.lee.2012\AppData\Roaming\Malwarebytes
2013-05-17 01:33 . 2013-05-17 01:33 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 01:33 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-17 01:33 . 2013-05-17 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-17 01:33 . 2013-05-17 01:33 -------- d-----w- c:\users\gaoyi.lee.2012\AppData\Local\Programs
2013-05-16 02:33 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-16 02:33 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-16 02:33 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 02:33 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 02:33 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 02:32 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 11:21 . 2012-07-12 10:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 11:21 . 2012-07-12 10:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-13 14:47 . 2012-07-17 06:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 18:06 . 2012-07-16 02:40 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-16 03:31 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 03:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-23 23:51 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-04-10 02:51 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 02:51 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 02:51 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 02:51 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-11 07:44 . 2012-07-16 03:54 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 07:44 . 2012-07-12 09:15 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-05-21 02:03 1204224 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2012-03-16 02:28 152960 ----a-w- c:\program files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\gaoyi.lee.2012\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\gaoyi.lee.2012\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-22 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2012-03-02 542592]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2012-03-16 854400]
"BatteryManager"="c:\program files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE" [2011-11-24 231336]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-13 10963560]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-28 133400]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"IFXSPMGT"="c:\program files\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-04 1107232]
"TFPUService"="c:\program files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe" [2012-03-16 880000]
"TFPUPWDBankService"="c:\program files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe" [2012-03-16 976256]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2011-12-14 612256]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2012-02-28 1378224]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2012-04-03 469424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-07-11 259960]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel.exe" [2012-03-22 1558392]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2012-04-11 612256]
"TPSCMain"="c:\program files\TOSHIBA\PeakShift\TPSCMain.exe" [2012-02-10 636856]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2012-04-04 32168]
"TSleepSrv"="c:\program files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [2011-11-21 253312]
"TSUScheduler"="c:\program files\TOSHIBA\Sync Utility\TosSyncScheduler.exe" [2011-08-18 923520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 187672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HeuCampus"="c:\program files\Heulab\HeuCampus\HeuCampusStarter.exe" [2009-12-09 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-07-16 202256]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\Pccntmon.exe" [2010-02-05 849192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\gaoyi.lee.2012\AppData\Roaming\Copy\CopyAgent.exe" [2013-03-06 6788608]
.
c:\users\gaoyi.lee.2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2012-7-16 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-818368676-931757178-618671499-68437\Scripts\Logoff\0\0]
"Script"=\\student.smu.edu.sg\SysVol\student.smu.edu.sg\scripts\localintranet.vbs
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
S2 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 11:21]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-68437Core.job
- c:\users\gaoyi.lee.2012\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 00:41]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-818368676-931757178-618671499-68437UA.job
- c:\users\gaoyi.lee.2012\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 00:41]
.
2013-05-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2013-05-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smu.edu.sg/
uInternet Settings,ProxyOverride = *.local
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-30  12:52:17
ComboFix-quarantined-files.txt  2013-05-30 04:52
.
Pre-Run: 249,075,605,504 bytes free
Post-Run: 248,942,153,728 bytes free
.
- - End Of File - - D8AFEED631D94D865B3FD854280CFE22
 
 
 
the process WmiPrvSE.exe stills seems to jump to about 15+%, pushing my total CPU usage to around 22+%. This would still cause the small short lags when I'm typing.

P.S. I didn't realised that Windows Defender is on cos I don't normally see it...should I disable that and run the tools again? Thanks!

Edited by Irenicis, 30 May 2013 - 12:18 AM.


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 30 May 2013 - 08:28 AM

Greetings,

Don't worry about Windows Defender.

Please rerun the CMD script in Post #7. The results we received the first time are not what we would hope to see. In addition, please do the following.

===================================================

Restarting a Service

--------------------

Please perform the following:
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type services.msc and hit Enter.
  • In the right panel under Name tab find Windows Management Instrumentation
  • Right click on the entry, select Stop, then OK
  • Right click on the entry and select Start
  • Close the window
  • Reboot your computer and check the WmiPrvSE.exe CPU usage
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Result log
  • Any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 30 May 2013 - 10:12 AM

Hi Gary, thanks for being so patient!
 
Here's the results for the CMD script. I'm not sure what's it supposed to be but I didn't have to go through this step "Right click on cmd above and select Run as Administrator" when doing it.
 
 
Image Name                     PID Modules                                     
========================= ======== ============================================
WmiPrvSE.exe                  3908 N/A                                         
WmiPrvSE.exe                  3152 N/A     
 
 
Restarted the services as well. However, the issue persists >.<, with the process at 2% at times and can go up to 18% at times...it is normal in the first place?

Edited by Irenicis, 30 May 2013 - 10:18 AM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 30 May 2013 - 06:13 PM

I am not that concerned about the rise in CPU unless there is a correlation with that and your computer hesitating.

Let's clean out some temporary files. Please do this.

===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies


===================================================
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Irenicis

Irenicis
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 31 May 2013 - 02:50 AM

Hi Gary,

 

I think my laptop is running more smoothly now. Doesn't really lag much as compared to before.What could be the problem before?



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 31 May 2013 - 07:53 AM

Greetings,

The buildup of temporary files, sometimes enormous in number, can bog down a computer and adversely affect the performance. It is not that it is infected, it is that there is too much junk to sort through. It is common to have a computer perform better after clearing out temporary files.

Let's do 2 scans if you don't mind.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon 1208__malwarebytes.png and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users