
Hello, I ran ComboFix and got this..


  • This topic is locked
32 replies to this topic

#1 augusta23

augusta23

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 11 November 2013 - 09:51 PM

ComboFix 13-11-11.01 - Owner 11/11/2013  20:18:45.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1790.456 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-12 to 2013-11-12  )))))))))))))))))))))))))))))))
.
.
2013-11-12 02:34 . 2013-11-12 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 01:05 . 2013-11-12 01:05 -------- d-----w- c:\windows\ERUNT
2013-11-11 23:18 . 2013-11-11 23:30 -------- d-----w- C:\AdwCleaner
2013-11-08 21:43 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C54C497-EBB5-407D-AE3F-EB26E363BEE4}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 03:55 . 2012-04-01 06:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 03:55 . 2012-03-25 05:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 19:35 . 2012-04-08 18:40 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2013-1-14 3982376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KEYCRY~1\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2013-01-14 66600]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [2011-03-15 744568]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-04-14 82320]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-07-16 1002072]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130809.001\IDSvix86.sys [2013-08-09 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [2010-11-16 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502000.00D\SYMNETS.SYS [2011-04-21 299640]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-03-11 132504]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [2013-10-08 1005144]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2011-09-29 126392]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys [2013-01-06 25936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 00:41 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:55]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 08:03]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 08:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.toshiba.com/
mStart Page = hxxp://start.toshiba.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4}: NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4}\458656029556C6C6F67726279636B60225F61646: NameServer = 75.75.75.75,75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(36876)
c:\windows\System32\ieframe.dll
.
Completion time: 2013-11-11  20:41:28
ComboFix-quarantined-files.txt  2013-11-12 02:41
.
Pre-Run: 181,645,021,184 bytes free
Post-Run: 185,162,792,960 bytes free
.
- - End Of File - - 19607BFF2E09D2B05AD84E35511DD76F
5B5E648D12FCADC244C1EC30318E1EB9
 
 
 



 


#2 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 11 November 2013 - 09:52 PM

ComboFix 13-11-11.01 - Owner 11/11/2013  20:18:45.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1790.456 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-12 to 2013-11-12  )))))))))))))))))))))))))))))))
.
.
2013-11-12 02:34 . 2013-11-12 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 01:05 . 2013-11-12 01:05 -------- d-----w- c:\windows\ERUNT
2013-11-11 23:18 . 2013-11-11 23:30 -------- d-----w- C:\AdwCleaner
2013-11-08 21:43 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C54C497-EBB5-407D-AE3F-EB26E363BEE4}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 03:55 . 2012-04-01 06:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 03:55 . 2012-03-25 05:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 19:35 . 2012-04-08 18:40 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2013-1-14 3982376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KEYCRY~1\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2013-01-14 66600]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [2011-03-15 744568]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-04-14 82320]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-07-16 1002072]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130809.001\IDSvix86.sys [2013-08-09 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [2010-11-16 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502000.00D\SYMNETS.SYS [2011-04-21 299640]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-03-11 132504]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [2013-10-08 1005144]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2011-09-29 126392]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys [2013-01-06 25936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 00:41 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:55]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 08:03]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 08:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.toshiba.com/
mStart Page = hxxp://start.toshiba.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4}: NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4}\458656029556C6C6F67726279636B60225F61646: NameServer = 75.75.75.75,75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(36876)
c:\windows\System32\ieframe.dll
.
Completion time: 2013-11-11  20:41:28
ComboFix-quarantined-files.txt  2013-11-12 02:41
.
Pre-Run: 181,645,021,184 bytes free
Post-Run: 185,162,792,960 bytes free
.
- - End Of File - - 19607BFF2E09D2B05AD84E35511DD76F
5B5E648D12FCADC244C1EC30318E1EB9
 
 
 


#3 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 13 November 2013 - 02:49 AM

I just wanted to know if anyone is able to interpret this data. Is my computer "fixed"?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:52 PM

Posted 16 November 2013 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post.

Please paste the logs in your next reply. DO NOT ATTACH THEM.

Let me know what is the problem with this computer.


#5 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 19 November 2013 - 01:51 AM

Hi nasdaq, here are the results from AdwCleaner, JRT and dds.pif respectively:

 

 

# AdwCleaner v3.012 - Report created 19/11/2013 at 00:12:40
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [19667 octets] - [11/11/2013 17:20:04]
AdwCleaner[R1].txt - [1029 octets] - [18/11/2013 23:58:45]
AdwCleaner[R2].txt - [980 octets] - [19/11/2013 00:10:06]
AdwCleaner[S0].txt - [20231 octets] - [11/11/2013 17:29:01]
AdwCleaner[S1].txt - [751 octets] - [19/11/2013 00:02:16]
AdwCleaner[S2].txt - [902 octets] - [19/11/2013 00:12:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [961 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Owner on Tue 11/19/2013 at  0:26:05.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/19/2013 at  0:35:34.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 
Run by Owner at 0:39:32 on 2013-11-19
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Office Depot PC Support Agent\esService.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Office Depot PC Support Agent\escont.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\StikyNot.exe
C:\windows\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/
mStart Page = hxxp://start.toshiba.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.0.13\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.0.13\ips\ipsbho.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.13.111.1\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.0.13\coieplg.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DHCPNameServer = 198.6.1.1 204.117.214.10
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4}\458656029556C6C6F67726279636B60225F61646 : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{C968B839-6835-4AFA-A78A-DF218A1336B4}\458656029556C6C6F67726279636B60225F61646 : DHCPNameServer = 10.0.1.1
AppInit_DLLs= c:\progra~1\keycry~1\KeyCrypt32(1).dll
SSODL: WebCheck - <orphaned>
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? IDVaultSvc;CGPS Service
R? N360;Norton Security Suite
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RtsUIR;Realtek IR Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AntiLog32;AntiLog32
S? BHDrvx86;BHDrvx86
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Service;ConfigFree Service
S? IDSVix86;IDSVix86
S? keycrypt;keycrypt
S? Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher
S? Office Depot PC Support Agent;Office Depot PC Support Agent
S? PCCUJobMgr;Common Client Job Manager Service
S? RTL8167;Realtek 8167 NT Driver
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SymNetS;Symantec Network Security WFP Driver
S? TMachInfo;TMachInfo
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
.
=============== Created Last 30 ================
.
2013-11-15 10:59:13 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dfa0eead-a028-4b53-bc65-b94181c430df}\mpengine.dll
2013-11-12 02:38:35 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-12 02:13:20 98816 ----a-w- c:\windows\sed.exe
2013-11-12 02:13:20 256000 ----a-w- c:\windows\PEV.exe
2013-11-12 02:13:20 208896 ----a-w- c:\windows\MBR.exe
2013-11-12 02:12:37 -------- d-----w- C:\ComboFix
2013-11-12 01:05:59 -------- d-----w- c:\windows\ERUNT
2013-11-11 23:18:45 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2013-10-09 03:55:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 03:55:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-03 19:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH:  0:43:29.09 ===============
 
 
my computer is also running slow and i have also experienced bsod (blue screen of death)
 
 
 
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts

Posted 19 November 2013 - 09:50 AM

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#7 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts

Posted 21 November 2013 - 04:03 AM

here are the roguekiller, securitycheck and minitoolbox reports, respectively:

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 11/21/2013 01:42:10
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x82D14069 -> HOOKED (Unknown @ 0x869F8B68)
[Address] SSDT[14] : NtAlertThread @ 0x82CC1DC6 -> HOOKED (Unknown @ 0x869F8C48)
[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82C8343B -> HOOKED (Unknown @ 0x869FC0B0)
[Address] SSDT[22] : NtAlpcConnectPort @ 0x82C8AE4D -> HOOKED (Unknown @ 0x861B86E8)
[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82C2E816 -> HOOKED (Unknown @ 0x869F8310)
[Address] SSDT[66] : NtCreateFile @ 0x82C824AE -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05F12)
[Address] SSDT[74] : NtCreateMutant @ 0x82CB62C3 -> HOOKED (Unknown @ 0x869F88B8)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82C464BD -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F064D8)
[Address] SSDT[87] : NtCreateThread @ 0x82D1229A -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F04B24)
[Address] SSDT[88] : NtCreateThreadEx @ 0x82C70371 -> HOOKED (Unknown @ 0x869F8120)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x82CE785A -> HOOKED (Unknown @ 0x869F83F0)
[Address] SSDT[103] : NtDeleteKey @ 0x82C3466E -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05AA6)
[Address] SSDT[106] : NtDeleteValueKey @ 0x82C1A296 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05978)
[Address] SSDT[107] : NtDeviceIoControlFile @ 0x82C94AFA -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F067D0)
[Address] SSDT[111] : NtDuplicateObject @ 0x82CB3770 -> HOOKED (Unknown @ 0x869FC280)
[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82AEA96D -> HOOKED (Unknown @ 0x869F9E28)
[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82C2A048 -> HOOKED (Unknown @ 0x869F89A8)
[Address] SSDT[147] : NtImpersonateThread @ 0x82C8FCB3 -> HOOKED (Unknown @ 0x869F8A88)
[Address] SSDT[155] : NtLoadDriver @ 0x82BD8313 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F04720)
[Address] SSDT[168] : NtMapViewOfSection @ 0x82CB6585 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F0427C)
[Address] SSDT[177] : NtOpenEvent @ 0x82CB8C15 -> HOOKED (Unknown @ 0x869F87D8)
[Address] SSDT[179] : NtOpenFile @ 0x82CB1C72 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F0628E)
[Address] SSDT[182] : NtOpenKey @ 0x82C79D24 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05ECC)
[Address] SSDT[190] : NtOpenProcess @ 0x82CB8BDF -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05104)
[Address] SSDT[191] : NtOpenProcessToken @ 0x82C73F11 -> HOOKED (Unknown @ 0x869FC1A0)
[Address] SSDT[194] : NtOpenSection @ 0x82CB6868 -> HOOKED (Unknown @ 0x869F8618)
[Address] SSDT[198] : NtOpenThread @ 0x82CB7536 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05430)
[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82CB72EF -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F06498)
[Address] SSDT[269] : NtQueueApcThread @ 0x82C23C2F -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F04E4A)
[Address] SSDT[304] : NtResumeThread @ 0x82CA967D -> HOOKED (Unknown @ 0x869F97D8)
[Address] SSDT[312] : NtSecureConnectPort @ 0x82C97079 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F06430)
[Address] SSDT[316] : NtSetContextThread @ 0x82D13B17 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F03FA8)
[Address] SSDT[333] : NtSetInformationProcess @ 0x82C84A35 -> HOOKED (Unknown @ 0x869F9B58)
[Address] SSDT[350] : NtSetSystemInformation @ 0x82CC24A3 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F04AB6)
[Address] SSDT[358] : NtSetValueKey @ 0x82C37A06 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F05B72)
[Address] SSDT[366] : NtSuspendProcess @ 0x82D13FA3 -> HOOKED (Unknown @ 0x869F86F8)
[Address] SSDT[367] : NtSuspendThread @ 0x82CD0D04 -> HOOKED (Unknown @ 0x869F98B8)
[Address] SSDT[370] : NtTerminateProcess @ 0x82C991B5 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F0584E)
[Address] SSDT[371] : NtTerminateThread @ 0x82CABF92 -> HOOKED (Unknown @ 0x869F9998)
[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82CB338A -> HOOKED (Unknown @ 0x869F9C48)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82CBEC63 -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F03BFA)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F028DE)
[Address] Shadow SSDT[14] : NtGdiBitBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F01A6C)
[Address] Shadow SSDT[125] : NtGdiDeleteObjectApp -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F018FA)
[Address] Shadow SSDT[200] : NtGdiGetPixel -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F02BBE)
[Address] Shadow SSDT[237] : NtGdiMaskBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F02028)
[Address] Shadow SSDT[243] : NtGdiOpenDCW -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F01960)
[Address] Shadow SSDT[247] : NtGdiPlgBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F02306)
[Address] Shadow SSDT[302] : NtGdiStretchBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F01D4C)
[Address] Shadow SSDT[308] : NtGdiTransparentBlt -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F025FC)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F0347A)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F00D46)
[Address] Shadow SSDT[406] : NtUserGetClassInfoEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F037FE)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x86E459D0)
[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F01024)
[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x85E6C420)
[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F03124)
[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F03404)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F033F2)
[Address] Shadow SSDT[524] : NtUserRegisterRawInputDevices -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F012D4)
[Address] Shadow SSDT[536] : NtUserSendInput -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F01632)
[Address] Shadow SSDT[544] : NtUserSetClipboardViewer -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F02E92)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F008C8)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F00A80)
[Address] Shadow SSDT[607] : NtUserUnhookWindowsHookEx -> HOOKED (C:\Windows\System32\drivers\AntiLog32.sys @ 0x95F00A5E)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ ) TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 5b1e8eac8e211b6d014440b7d97742cc
[BSP] d6933d3d670d2fd84f3cdc363de6afa2 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 171191364754332f311e37a3cc006e09
[BSP] d6933d3d670d2fd84f3cdc363de6afa2 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
 
Finished : << RKreport[0]_D_11212013_014210.txt >>
RKreport[0]_S_11212013_014033.txt
 
 
 
 
 

 Results of screen317's Security Check version 0.99.77  
 Windows 7  x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 14  
 Java version out of Date! 
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
 Google Chrome CommonDotNET.dll.del.  
 Google Chrome IdVaultCore.dll.del.  
 Google Chrome Microsoft.mshtml.dll.  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
 
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Owner (administrator) on 21-11-2013 at 03:02:01
Running from "C:\Users\Owner\Downloads"
Microsoft Windows 7 Home Premium   (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/21/2013 01:19:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/21/2013 01:19:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/21/2013 01:19:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: IDVaultSvc.exe, version: 1.13.111.1, time stamp: 0x50f0476f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e65f4f
Exception code: 0xe0434f4d
Fault offset: 0x0000969b
Faulting process id: 0x%9
Faulting application start time: 0xIDVaultSvc.exe0
Faulting application path: IDVaultSvc.exe1
Faulting module path: IDVaultSvc.exe2
Report Id: IDVaultSvc.exe3
 
Error: (11/20/2013 08:12:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/20/2013 08:12:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/20/2013 08:12:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: IDVaultSvc.exe, version: 1.13.111.1, time stamp: 0x50f0476f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e65f4f
Exception code: 0xe0434f4d
Fault offset: 0x0000969b
Faulting process id: 0x%9
Faulting application start time: 0xIDVaultSvc.exe0
Faulting application path: IDVaultSvc.exe1
Faulting module path: IDVaultSvc.exe2
Report Id: IDVaultSvc.exe3
 
Error: (11/19/2013 05:25:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/19/2013 05:24:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (11/19/2013 05:24:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: IDVaultSvc.exe, version: 1.13.111.1, time stamp: 0x50f0476f
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e65f4f
Exception code: 0xe0434f4d
Fault offset: 0x0000969b
Faulting process id: 0x%9
Faulting application start time: 0xIDVaultSvc.exe0
Faulting application path: IDVaultSvc.exe1
Faulting module path: IDVaultSvc.exe2
Report Id: IDVaultSvc.exe3
 
Error: (11/19/2013 03:52:59 AM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service
 
 
System errors:
=============
Error: (11/21/2013 01:19:10 AM) (Source: Service Control Manager) (User: )
Description: The CGPS Service service failed to start due to the following error: 
%%1053
 
Error: (11/21/2013 01:19:10 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
 
Error: (11/21/2013 01:18:42 AM) (Source: Service Control Manager) (User: )
Description: The Norton Security Suite service terminated with service-specific error %%-1.
 
Error: (11/21/2013 01:18:30 AM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (11/21/2013 01:18:30 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (11/20/2013 08:55:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (11/20/2013 08:12:38 PM) (Source: Service Control Manager) (User: )
Description: The CGPS Service service failed to start due to the following error: 
%%1053
 
Error: (11/20/2013 08:12:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
 
Error: (11/20/2013 08:12:03 PM) (Source: Service Control Manager) (User: )
Description: The Norton Security Suite service terminated with service-specific error %%-1.
 
Error: (11/20/2013 08:11:51 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-22 19:44:40.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 19:44:40.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 03:09:49.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 03:09:49.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 01:56:08.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 01:56:08.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 01:44:50.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 01:44:50.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 01:15:59.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-22 01:15:59.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****
 
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts

Posted 21 November 2013 - 09:27 AM

Windows 7 x86 (UAC is enabled)
Out of date service pack!!


For your added security, install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version, Java JRE 7u45, was released on Oct. 15, 2013.

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 14

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Please let me know of any remaining issues with this computer.

#9 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts

Posted 23 November 2013 - 03:00 PM

okay, so i installed new versions of java and adobe but i am having trouble updating my windows. i will retry installing it

 

edit: it won't install. this is the latest blue screen report i got

 

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7600.2.0.0.768.3
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: 1000007e
  BCP1: C0000005
  BCP2: 82AC043C
  BCP3: 8A503B4C
  BCP4: 8A503730
  OS Version: 6_1_7600
  Service Pack: 0_0
  Product: 768_1
 
 

Edited by augusta23, 24 November 2013 - 03:57 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts

Posted 24 November 2013 - 10:17 AM


You executed the Combofix on your own.
What was the problem(s) you were having to do that?

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.


#11 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts

Posted 25 November 2013 - 08:57 AM

i ran combofix because i thought my computer had malware. i realize now that i should have sought advice before doing this.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts

Posted 25 November 2013 - 09:32 AM

You have not issues with this computer.

#13 augusta23

augusta23
  • Topic Starter

  • Members
  • 20 posts

Posted 26 November 2013 - 09:15 AM

here is the log:

07:41:37.0665 24760  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:41:39.0711 24760  ============================================================
07:41:39.0711 24760  Current date / time: 2013/11/26 07:41:39.0711
07:41:39.0711 24760  SystemInfo:
07:41:39.0711 24760  
07:41:39.0711 24760  OS Version: 6.1.7600 ServicePack: 0.0
07:41:39.0711 24760  Product type: Workstation
07:41:39.0712 24760  ComputerName: OWNER-PC
07:41:39.0712 24760  UserName: Owner
07:41:39.0712 24760  Windows directory: C:\windows
07:41:39.0712 24760  System windows directory: C:\windows
07:41:39.0712 24760  Processor architecture: Intel x86
07:41:39.0712 24760  Number of processors: 1
07:41:39.0712 24760  Page size: 0x1000
07:41:39.0712 24760  Boot type: Normal boot
07:41:39.0712 24760  ============================================================
07:41:46.0823 24760  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:41:46.0856 24760  ============================================================
07:41:46.0856 24760  \Device\Harddisk0\DR0:
07:41:46.0856 24760  MBR partitions:
07:41:46.0856 24760  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
07:41:46.0856 24760  ============================================================
07:41:46.0955 24760  C: <-> \Device\Harddisk0\DR0\Partition1
07:41:46.0982 24760  ============================================================
07:41:46.0982 24760  Initialize success
07:41:46.0982 24760  ============================================================
07:43:36.0647 25852  ============================================================
07:43:36.0647 25852  Scan started
07:43:36.0647 25852  Mode: Manual; SigCheck; TDLFS; 
07:43:36.0647 25852  ============================================================
07:43:39.0449 25852  ================ Scan system memory ========================
07:43:39.0449 25852  System memory - ok
07:43:39.0455 25852  ================ Scan services =============================
07:43:40.0278 25852  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
07:43:41.0648 25852  1394ohci - ok
07:43:41.0763 25852  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
07:43:41.0861 25852  ACPI - ok
07:43:42.0050 25852  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\windows\system32\DRIVERS\acpipmi.sys
07:43:42.0623 25852  AcpiPmi - ok
07:43:43.0093 25852  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:43:43.0313 25852  AdobeARMservice - ok
07:43:43.0995 25852  [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:43:44.0101 25852  AdobeFlashPlayerUpdateSvc - ok
07:43:44.0265 25852  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
07:43:44.0531 25852  adp94xx - ok
07:43:44.0727 25852  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
07:43:44.0892 25852  adpahci - ok
07:43:44.0963 25852  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
07:43:45.0092 25852  adpu320 - ok
07:43:45.0292 25852  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
07:43:45.0901 25852  AeLookupSvc - ok
07:43:46.0037 25852  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\windows\system32\drivers\afd.sys
07:43:46.0413 25852  AFD - ok
07:43:46.0550 25852  [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
07:43:46.0758 25852  AgereSoftModem - ok
07:43:46.0817 25852  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\DRIVERS\agp440.sys
07:43:46.0944 25852  agp440 - ok
07:43:47.0045 25852  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
07:43:47.0209 25852  aic78xx - ok
07:43:47.0574 25852  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
07:43:48.0096 25852  ALG - ok
07:43:48.0321 25852  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\DRIVERS\aliide.sys
07:43:48.0369 25852  aliide - ok
07:43:48.0479 25852  [ 0BC6704F6FB4C63CDCB85401E8263A1B ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
07:43:48.0947 25852  AMD External Events Utility - ok
07:43:49.0000 25852  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\DRIVERS\amdagp.sys
07:43:49.0043 25852  amdagp - ok
07:43:49.0156 25852  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\DRIVERS\amdide.sys
07:43:49.0213 25852  amdide - ok
07:43:49.0413 25852  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
07:43:49.0540 25852  AmdK8 - ok
07:43:49.0784 25852  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
07:43:50.0035 25852  AmdPPM - ok
07:43:50.0220 25852  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\windows\system32\drivers\amdsata.sys
07:43:50.0358 25852  amdsata - ok
07:43:50.0465 25852  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
07:43:50.0676 25852  amdsbs - ok
07:43:50.0707 25852  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\windows\system32\drivers\amdxata.sys
07:43:50.0878 25852  amdxata - ok
07:43:51.0211 25852  [ A595832D7708BC26372BF5FDD73963C9 ] AntiLog32       C:\windows\system32\drivers\AntiLog32.sys
07:43:51.0888 25852  AntiLog32 - ok
07:43:51.0989 25852  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\windows\system32\drivers\appid.sys
07:43:52.0563 25852  AppID - ok
07:43:52.0620 25852  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
07:43:53.0547 25852  AppIDSvc - ok
07:43:53.0764 25852  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\windows\System32\appinfo.dll
07:43:54.0084 25852  Appinfo - ok
07:43:54.0291 25852  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
07:43:54.0385 25852  arc - ok
07:43:54.0415 25852  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
07:43:54.0475 25852  arcsas - ok
07:43:54.0593 25852  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
07:43:55.0438 25852  AsyncMac - ok
07:43:55.0475 25852  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\DRIVERS\atapi.sys
07:43:55.0553 25852  atapi - ok
07:43:56.0611 25852  [ C97BE8350FBCB1960B22FAD2E6C2B514 ] atikmdag        C:\windows\system32\DRIVERS\atikmdag.sys
07:43:56.0932 25852  atikmdag - ok
07:43:57.0075 25852  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\windows\system32\DRIVERS\AtiPcie.sys
07:43:57.0151 25852  AtiPcie - ok
07:43:57.0388 25852  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
07:43:57.0527 25852  AudioEndpointBuilder - ok
07:43:57.0622 25852  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\windows\System32\Audiosrv.dll
07:43:57.0762 25852  Audiosrv - ok
07:43:58.0101 25852  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\windows\System32\AxInstSV.dll
07:43:58.0463 25852  AxInstSV - ok
07:43:58.0656 25852  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
07:43:58.0941 25852  b06bdrv - ok
07:43:59.0306 25852  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
07:43:59.0445 25852  b57nd60x - ok
07:43:59.0514 25852  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
07:43:59.0869 25852  BDESVC - ok
07:44:00.0289 25852  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
07:44:00.0489 25852  Beep - ok
07:44:00.0687 25852  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\windows\System32\bfe.dll
07:44:00.0903 25852  BFE - ok
07:44:01.0856 25852  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130715.001\BHDrvx86.sys
07:44:03.0114 25852  BHDrvx86 - ok
07:44:03.0470 25852  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\windows\system32\qmgr.dll
07:44:03.0683 25852  BITS - ok
07:44:03.0746 25852  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
07:44:03.0790 25852  blbdrive - ok
07:44:03.0852 25852  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
07:44:03.0907 25852  bowser - ok
07:44:03.0954 25852  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
07:44:04.0088 25852  BrFiltLo - ok
07:44:04.0197 25852  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
07:44:04.0416 25852  BrFiltUp - ok
07:44:04.0620 25852  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
07:44:04.0756 25852  BridgeMP - ok
07:44:04.0808 25852  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\windows\System32\browser.dll
07:44:05.0019 25852  Browser - ok
07:44:05.0142 25852  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
07:44:05.0275 25852  Brserid - ok
07:44:05.0330 25852  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
07:44:05.0536 25852  BrSerWdm - ok
07:44:05.0597 25852  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
07:44:05.0713 25852  BrUsbMdm - ok
07:44:05.0753 25852  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
07:44:05.0859 25852  BrUsbSer - ok
07:44:05.0921 25852  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
07:44:06.0009 25852  BTHMODEM - ok
07:44:06.0183 25852  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
07:44:06.0364 25852  bthserv - ok
07:44:07.0301 25852  catchme - ok
07:44:07.0600 25852  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
07:44:08.0030 25852  cdfs - ok
07:44:08.0326 25852  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
07:44:08.0545 25852  cdrom - ok
07:44:08.0921 25852  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\windows\System32\certprop.dll
07:44:09.0329 25852  CertPropSvc - ok
07:44:09.0562 25852  [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService  C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
07:44:09.0604 25852  cfWiMAXService - ok
07:44:09.0737 25852  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
07:44:09.0802 25852  circlass - ok
07:44:09.0859 25852  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
07:44:09.0923 25852  CLFS - ok
07:44:10.0352 25852  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:44:10.0903 25852  clr_optimization_v2.0.50727_32 - ok
07:44:11.0223 25852  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:44:11.0324 25852  clr_optimization_v4.0.30319_32 - ok
07:44:11.0372 25852  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
07:44:11.0462 25852  CmBatt - ok
07:44:11.0495 25852  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
07:44:11.0516 25852  cmdide - ok
07:44:11.0629 25852  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\windows\system32\Drivers\cng.sys
07:44:11.0754 25852  CNG - ok
07:44:11.0838 25852  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
07:44:11.0890 25852  Compbatt - ok
07:44:12.0050 25852  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
07:44:12.0138 25852  CompositeBus - ok
07:44:12.0188 25852  COMSysApp - ok
07:44:12.0252 25852  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
07:44:12.0349 25852  ConfigFree Service - ok
07:44:12.0384 25852  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
07:44:12.0454 25852  crcdisk - ok
07:44:12.0577 25852  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\windows\system32\cryptsvc.dll
07:44:12.0875 25852  CryptSvc - ok
07:44:12.0954 25852  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\windows\system32\rpcss.dll
07:44:13.0070 25852  DcomLaunch - ok
07:44:13.0148 25852  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
07:44:13.0539 25852  defragsvc - ok
07:44:13.0632 25852  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
07:44:13.0826 25852  DfsC - ok
07:44:13.0944 25852  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\windows\system32\dhcpcore.dll
07:44:14.0125 25852  Dhcp - ok
07:44:14.0173 25852  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
07:44:14.0385 25852  discache - ok
07:44:14.0463 25852  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
07:44:14.0519 25852  Disk - ok
07:44:14.0586 25852  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\windows\System32\dnsrslvr.dll
07:44:14.0681 25852  Dnscache - ok
07:44:14.0744 25852  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\windows\System32\dot3svc.dll
07:44:14.0940 25852  dot3svc - ok
07:44:15.0055 25852  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\windows\system32\dps.dll
07:44:15.0114 25852  DPS - ok
07:44:15.0194 25852  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
07:44:15.0319 25852  drmkaud - ok
07:44:15.0504 25852  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
07:44:15.0556 25852  DXGKrnl - ok
07:44:15.0723 25852  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
07:44:15.0904 25852  EapHost - ok
07:44:16.0444 25852  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
07:44:16.0823 25852  ebdrv - ok
07:44:17.0018 25852  [ 579A6B6135D32B857FAF0E3A974535D8 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:44:17.0126 25852  eeCtrl - ok
07:44:17.0170 25852  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\windows\System32\lsass.exe
07:44:17.0358 25852  EFS - ok
07:44:17.0445 25852  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
07:44:17.0650 25852  ehRecvr - ok
07:44:17.0695 25852  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
07:44:17.0983 25852  ehSched - ok
07:44:18.0168 25852  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
07:44:18.0228 25852  elxstor - ok
07:44:18.0244 25852  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
07:44:18.0374 25852  ErrDev - ok
07:44:18.0640 25852  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
07:44:18.0724 25852  EventSystem - ok
07:44:18.0765 25852  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
07:44:18.0851 25852  exfat - ok
07:44:18.0891 25852  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
07:44:18.0948 25852  fastfat - ok
07:44:19.0076 25852  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\windows\system32\fxssvc.exe
07:44:19.0226 25852  Fax - ok
07:44:19.0293 25852  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
07:44:19.0348 25852  fdc - ok
07:44:19.0394 25852  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
07:44:19.0573 25852  fdPHost - ok
07:44:19.0599 25852  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
07:44:19.0731 25852  FDResPub - ok
07:44:19.0766 25852  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
07:44:19.0834 25852  FileInfo - ok
07:44:19.0880 25852  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
07:44:19.0963 25852  Filetrace - ok
07:44:20.0017 25852  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
07:44:20.0120 25852  flpydisk - ok
07:44:20.0214 25852  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
07:44:20.0300 25852  FltMgr - ok
07:44:20.0367 25852  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\windows\system32\FntCache.dll
07:44:20.0599 25852  FontCache - ok
07:44:20.0686 25852  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:44:20.0759 25852  FontCache3.0.0.0 - ok
07:44:20.0819 25852  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
07:44:20.0922 25852  FsDepends - ok
07:44:20.0959 25852  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
07:44:21.0055 25852  Fs_Rec - ok
07:44:21.0211 25852  [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
07:44:21.0387 25852  fvevol - ok
07:44:21.0445 25852  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
07:44:21.0554 25852  gagp30kx - ok
07:44:21.0671 25852  [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
07:44:21.0890 25852  GameConsoleService - ok
07:44:21.0958 25852  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:44:22.0035 25852  GEARAspiWDM - ok
07:44:22.0175 25852  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\windows\System32\gpsvc.dll
07:44:22.0243 25852  gpsvc - ok
07:44:22.0377 25852  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:44:22.0428 25852  gupdate - ok
07:44:22.0498 25852  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:44:22.0518 25852  gupdatem - ok
07:44:22.0555 25852  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
07:44:22.0883 25852  hcw85cir - ok
07:44:22.0979 25852  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
07:44:23.0104 25852  HdAudAddService - ok
07:44:23.0164 25852  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
07:44:23.0282 25852  HDAudBus - ok
07:44:23.0311 25852  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
07:44:23.0547 25852  HidBatt - ok
07:44:23.0635 25852  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
07:44:23.0735 25852  HidBth - ok
07:44:23.0837 25852  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
07:44:23.0924 25852  HidIr - ok
07:44:24.0032 25852  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\System32\hidserv.dll
07:44:24.0215 25852  hidserv - ok
07:44:24.0338 25852  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
07:44:24.0578 25852  HidUsb - ok
07:44:24.0663 25852  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\windows\system32\kmsvc.dll
07:44:25.0089 25852  hkmsvc - ok
07:44:25.0215 25852  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
07:44:25.0658 25852  HomeGroupListener - ok
07:44:25.0752 25852  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
07:44:25.0838 25852  HomeGroupProvider - ok
07:44:25.0895 25852  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
07:44:26.0002 25852  HpSAMD - ok
07:44:26.0094 25852  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\windows\system32\drivers\HTTP.sys
07:44:26.0382 25852  HTTP - ok
07:44:26.0441 25852  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
07:44:26.0516 25852  hwpolicy - ok
07:44:26.0709 25852  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
07:44:26.0813 25852  i8042prt - ok
07:44:26.0892 25852  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
07:44:27.0031 25852  iaStorV - ok
07:44:27.0175 25852  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:44:27.0416 25852  idsvc - ok
07:44:27.0827 25852  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130809.001\IDSvix86.sys
07:44:28.0381 25852  IDSVix86 - ok
07:44:28.0581 25852  [ 5949989FFE62C5EC8B91B9A37D658B90 ] IDVaultSvc      C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
07:44:28.0814 25852  IDVaultSvc - ok
07:44:28.0938 25852  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
07:44:28.0959 25852  iirsp - ok
07:44:29.0057 25852  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\windows\System32\ikeext.dll
07:44:29.0159 25852  IKEEXT - ok
07:44:29.0495 25852  [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
07:44:29.0908 25852  IntcAzAudAddService - ok
07:44:29.0972 25852  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\DRIVERS\intelide.sys
07:44:30.0030 25852  intelide - ok
07:44:30.0087 25852  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
07:44:30.0162 25852  intelppm - ok
07:44:30.0203 25852  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
07:44:30.0439 25852  IPBusEnum - ok
07:44:30.0507 25852  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
07:44:30.0598 25852  IpFilterDriver - ok
07:44:30.0709 25852  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
07:44:30.0817 25852  iphlpsvc - ok
07:44:30.0864 25852  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
07:44:30.0977 25852  IPMIDRV - ok
07:44:31.0022 25852  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
07:44:31.0142 25852  IPNAT - ok
07:44:31.0201 25852  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
07:44:31.0266 25852  IRENUM - ok
07:44:31.0346 25852  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
07:44:31.0538 25852  isapnp - ok
07:44:31.0855 25852  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
07:44:31.0928 25852  iScsiPrt - ok
07:44:32.0077 25852  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
07:44:32.0115 25852  kbdclass - ok
07:44:32.0194 25852  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
07:44:32.0273 25852  kbdhid - ok
07:44:32.0386 25852  [ 073F64AE093C96CA7ED4BC4F80996261 ] keycrypt        C:\windows\system32\DRIVERS\KeyCrypt32.sys
07:44:32.0553 25852  keycrypt - ok
07:44:32.0583 25852  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\windows\system32\lsass.exe
07:44:32.0637 25852  KeyIso - ok
07:44:32.0720 25852  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
07:44:32.0805 25852  KSecDD - ok
07:44:32.0887 25852  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
07:44:32.0940 25852  KSecPkg - ok
07:44:33.0028 25852  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
07:44:33.0229 25852  KtmRm - ok
07:44:33.0336 25852  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\windows\System32\srvsvc.dll
07:44:33.0405 25852  LanmanServer - ok
07:44:33.0533 25852  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
07:44:33.0597 25852  LanmanWorkstation - ok
07:44:33.0756 25852  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
07:44:33.0819 25852  lltdio - ok
07:44:33.0873 25852  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
07:44:34.0063 25852  lltdsvc - ok
07:44:34.0087 25852  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
07:44:34.0281 25852  lmhosts - ok
07:44:34.0433 25852  [ 6E3D3816749E107883EEC5734CE44493 ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys
07:44:34.0494 25852  LPCFilter - ok
07:44:34.0563 25852  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
07:44:34.0615 25852  LSI_FC - ok
07:44:34.0666 25852  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
07:44:34.0689 25852  LSI_SAS - ok
07:44:34.0726 25852  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
07:44:34.0805 25852  LSI_SAS2 - ok
07:44:34.0868 25852  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
07:44:34.0932 25852  LSI_SCSI - ok
07:44:34.0968 25852  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
07:44:35.0123 25852  luafv - ok
07:44:35.0176 25852  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
07:44:35.0310 25852  Mcx2Svc - ok
07:44:35.0371 25852  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
07:44:35.0408 25852  megasas - ok
07:44:35.0505 25852  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
07:44:35.0582 25852  MegaSR - ok
07:44:35.0657 25852  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
07:44:35.0761 25852  MMCSS - ok
07:44:35.0826 25852  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
07:44:35.0953 25852  Modem - ok
07:44:36.0005 25852  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
07:44:36.0096 25852  monitor - ok
07:44:36.0202 25852  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
07:44:36.0277 25852  mouclass - ok
07:44:36.0373 25852  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
07:44:36.0528 25852  mouhid - ok
07:44:36.0575 25852  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
07:44:36.0801 25852  mountmgr - ok
07:44:36.0833 25852  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\windows\system32\DRIVERS\mpio.sys
07:44:36.0959 25852  mpio - ok
07:44:37.0092 25852  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
07:44:37.0491 25852  mpsdrv - ok
07:44:37.0612 25852  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\windows\system32\mpssvc.dll
07:44:37.0893 25852  MpsSvc - ok
07:44:37.0927 25852  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
07:44:38.0077 25852  MRxDAV - ok
07:44:38.0125 25852  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
07:44:38.0372 25852  mrxsmb - ok
07:44:38.0467 25852  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
07:44:38.0709 25852  mrxsmb10 - ok
07:44:38.0746 25852  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
07:44:38.0877 25852  mrxsmb20 - ok
07:44:38.0942 25852  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
07:44:39.0001 25852  msahci - ok
07:44:39.0038 25852  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
07:44:39.0214 25852  msdsm - ok
07:44:39.0272 25852  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
07:44:39.0468 25852  MSDTC - ok
07:44:39.0553 25852  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
07:44:39.0648 25852  Msfs - ok
07:44:39.0725 25852  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
07:44:39.0830 25852  mshidkmdf - ok
07:44:39.0859 25852  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
07:44:39.0952 25852  msisadrv - ok
07:44:40.0094 25852  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
07:44:40.0283 25852  MSiSCSI - ok
07:44:40.0301 25852  msiserver - ok
07:44:40.0354 25852  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
07:44:40.0475 25852  MSKSSRV - ok
07:44:40.0587 25852  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
07:44:40.0777 25852  MSPCLOCK - ok
07:44:40.0876 25852  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
07:44:40.0955 25852  MSPQM - ok
07:44:41.0028 25852  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
07:44:41.0133 25852  MsRPC - ok
07:44:41.0238 25852  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
07:44:41.0259 25852  mssmbios - ok
07:44:41.0314 25852  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
07:44:41.0383 25852  MSTEE - ok
07:44:41.0425 25852  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
07:44:41.0508 25852  MTConfig - ok
07:44:41.0539 25852  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
07:44:41.0621 25852  Mup - ok
07:44:41.0993 25852  [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360            C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
07:44:42.0538 25852  N360 - ok
07:44:42.0607 25852  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\windows\system32\qagentRT.dll
07:44:42.0756 25852  napagent - ok
07:44:42.0851 25852  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
07:44:42.0999 25852  NativeWifiP - ok
07:44:43.0414 25852  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130809.016\NAVENG.SYS
07:44:43.0689 25852  NAVENG - ok
07:44:44.0052 25852  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130809.016\NAVEX15.SYS
07:44:44.0516 25852  NAVEX15 - ok
07:44:44.0625 25852  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\windows\system32\drivers\ndis.sys
07:44:44.0677 25852  NDIS - ok
07:44:44.0779 25852  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
07:44:44.0878 25852  NdisCap - ok
07:44:44.0951 25852  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
07:44:45.0091 25852  NdisTapi - ok
07:44:45.0152 25852  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
07:44:45.0246 25852  Ndisuio - ok
07:44:45.0288 25852  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
07:44:45.0382 25852  NdisWan - ok
07:44:45.0422 25852  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
07:44:45.0482 25852  NDProxy - ok
07:44:45.0567 25852  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
07:44:45.0656 25852  NetBIOS - ok
07:44:45.0674 25852  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
07:44:45.0935 25852  NetBT - ok
07:44:45.0961 25852  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\windows\system32\lsass.exe
07:45:33.0800 25852  ================ Scan global ===============================
07:45:33.0932 25852  [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
07:45:33.0989 25852  [ 8531AAF69394EFB93BC653916C46D245 ] C:\windows\system32\winsrv.dll
07:45:34.0013 25852  [ 8531AAF69394EFB93BC653916C46D245 ] C:\windows\system32\winsrv.dll
07:45:34.0120 25852  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
07:45:34.0173 25852  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
07:45:34.0180 25852  [Global] - ok
07:45:34.0185 25852  ================ Scan MBR ==================================
07:45:34.0209 25852  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
07:45:34.0210 25852  Suspicious mbr (Forged): \Device\Harddisk0\DR0
07:45:34.0267 25852  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:45:34.0267 25852  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:45:35.0243 25852  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:45:35.0244 25852  \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:45:35.0250 25852  ================ Scan VBR ==================================
07:45:35.0274 25852  [ 4E75BB4A1C90D73A70F4D604FA1944DD ] \Device\Harddisk0\DR0\Partition1
07:45:35.0276 25852  \Device\Harddisk0\DR0\Partition1 - ok
07:45:35.0282 25852  ============================================================
07:45:35.0282 25852  Scan finished
07:45:35.0282 25852  ============================================================
07:45:35.0306 25844  Detected object count: 2
07:45:35.0306 25844  Actual detected object count: 2
07:48:57.0360 25844  \Device\Harddisk0\DR0\# - copied to quarantine
07:48:57.0365 25844  \Device\Harddisk0\DR0 - copied to quarantine
07:48:57.0607 25844  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
07:48:57.0627 25844  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:48:57.0687 25844  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:48:57.0831 25844  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:48:57.0906 25844  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:48:57.0974 25844  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:48:57.0979 25844  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
07:48:57.0983 25844  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:48:57.0989 25844  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:48:58.0013 25844  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:48:58.0059 25844  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:48:58.0093 25844  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:48:58.0109 25844  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:48:58.0117 25844  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
07:48:58.0146 25844  \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
07:48:58.0239 25844  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:48:58.0241 25844  \Device\Harddisk0\DR0 - ok
07:48:59.0259 25844  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
07:48:59.0264 25844  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:48:59.0264 25844  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
07:49:23.0568 24636  Deinitialize success


#14 nasdaq

  • Malware Response Team

Posted 26 November 2013 - 11:17 AM

How is the computer now?

#15 augusta23

  • Topic Starter


Posted 27 November 2013 - 04:09 AM

It's a little better - it's not as slow and I haven't had a BSOD episode yet, I'm leaving my fingers crossed.

I was never able to upgrade Windows.

Is there another way to go about this?


Edited by augusta23, 27 November 2013 - 04:12 AM.




