Jump to content

Random Ad is playing in the background of my parents new toshiba computer.


Recommended Posts

Hi,

My parents called me the other day and said their computer was playing a random ad in the background. I didn't believe them so I waited until yesterday to go look at their computer. I turned it on and for ten minutes the computer seemed to be ok and then the ad started playing. They have Norton Internet Security on their computer and it doesn't pick up the virus. I put malwarebytes on the computer and scanned and it found a trojan so I chose to fix the problem. I restarted the computer and thought that would have done it but to my surprise its still on the computer. I saw another forum where they used RSIT which generated some logs so I decided I would try that. Here are the logs. Logfile of random's system information tool 1.09 (written by random/random)

Run by Steve Petruso at 2012-06-25 07:52:22

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 546 GB (92%) free of 594 GB

Total RAM: 6092 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:52:38 AM, on 6/25/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\Steve Petruso.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12056 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

winlogon.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe 27346720

C:\windows\System32\spoolsv.exe

\??\C:\windows\system32\conhost.exe "1620387087-589614863142652796174828742013758048691802004493-1513016729-578510830

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1

"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

"C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2024

"C:\Program Files\TOSHIBA\TECO\TecoService.exe"

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

\??\C:\windows\system32\conhost.exe "-740113850-1041399657113861242410953134321287194221-18998899641235486413-2094937580

"taskhost.exe"

"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession2

"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /c /a /s UserSession

"C:\windows\system32\Dwm.exe"

C:\windows\Explorer.EXE

C:\windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Toshiba\Power Saver\TPwrMain.exe"

"C:\Program Files\Toshiba\FlashCards\TCrdMain.exe"

"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\Toshiba\TECO\Teco.exe" /r

"C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe"

"C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe"

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"C:\Program Files (x86)\CarMD\CarMD.exe"

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

C:\windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe" /s

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"

"C:\windows\system32\wuauclt.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:203009

"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -Embedding

C:\windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:137478

taskeng.exe {429EF3F5-AE0F-4079-8C22-9DB2A6E31222}

"C:\Users\Steve Petruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IUMSYAF\RSITx64.exe"

C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job

C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job

C:\windows\tasks\GoogleUpdateTaskMachineCore.job

C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]

TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12 700800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]

TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12 534400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""= []

"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-04-07 167256]

"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-07 391000]

"Persistence"=C:\windows\system32\igfxpers.exe [2011-04-07 418136]

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-05-17 590256]

"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824]

"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2011-04-27 972672]

"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-03-24 310912]

"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-06-30 562304]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592]

"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-05-24 1544624]

"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-07-01 712096]

"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-06-10 710560]

"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-07-27 597936]

"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-24 39408]

"CarMD"=C:\Program Files (x86)\CarMD\CarMD.exe [2010-04-07 796672]

"Facebook Update"=C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 137536]

"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-06-05 17345712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792]

"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816]

"NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2011-06-22 3218864]

"ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\windows\system32\igfxdev.dll [2011-04-04 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-25 07:52:22 ----D---- C:\rsit

2012-06-25 07:52:22 ----D---- C:\Program Files\trend micro

2012-06-25 07:36:29 ----N---- C:\windows\svchost.exe

2012-06-24 21:48:37 ----D---- C:\Program Files\CCleaner

2012-06-24 19:21:24 ----D---- C:\Program Files (x86)\Trend Micro

2012-06-24 16:32:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Malwarebytes

2012-06-24 16:32:42 ----D---- C:\ProgramData\Malwarebytes

2012-06-24 16:32:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-24 16:32:41 ----A---- C:\windows\system32\drivers\mbam.sys

2012-06-24 16:30:00 ----D---- C:\Program Files (x86)\1ClickDownload

2012-06-24 16:22:12 ----D---- C:\ProgramData\Conexant

2012-06-24 16:21:34 ----A---- C:\Program Files (x86)\64res.dll

2012-06-24 15:47:25 ----A---- C:\windows\SYSWOW64\qdvd.dll

2012-06-24 15:47:25 ----A---- C:\windows\system32\qdvd.dll

2012-06-23 06:43:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller

2012-06-22 06:01:10 ----A---- C:\windows\system32\wups2.dll

2012-06-22 06:01:10 ----A---- C:\windows\system32\wucltux.dll

2012-06-22 06:01:10 ----A---- C:\windows\system32\wuaueng.dll

2012-06-22 06:01:10 ----A---- C:\windows\system32\wuauclt.exe

2012-06-22 06:00:48 ----A---- C:\windows\system32\wups.dll

2012-06-22 06:00:48 ----A---- C:\windows\system32\wudriver.dll

2012-06-22 06:00:48 ----A---- C:\windows\system32\wuapi.dll

2012-06-22 06:00:40 ----A---- C:\windows\system32\wuwebv.dll

2012-06-22 06:00:40 ----A---- C:\windows\system32\wuapp.exe

2012-06-14 14:38:16 ----A---- C:\windows\SYSWOW64\mshtmled.dll

2012-06-14 14:38:16 ----A---- C:\windows\system32\mshtmled.dll

2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\urlmon.dll

2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\url.dll

2012-06-14 14:38:15 ----A---- C:\windows\system32\urlmon.dll

2012-06-14 14:38:15 ----A---- C:\windows\system32\url.dll

2012-06-14 14:38:15 ----A---- C:\windows\system32\iertutil.dll

2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\ieui.dll

2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\iertutil.dll

2012-06-14 14:38:14 ----A---- C:\windows\system32\ieui.dll

2012-06-14 14:38:13 ----A---- C:\windows\SYSWOW64\ieUnatt.exe

2012-06-14 14:38:13 ----A---- C:\windows\system32\ieUnatt.exe

2012-06-14 14:38:12 ----A---- C:\windows\SYSWOW64\wininet.dll

2012-06-14 14:38:12 ----A---- C:\windows\system32\wininet.dll

2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jsproxy.dll

2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript9.dll

2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript.dll

2012-06-14 14:38:11 ----A---- C:\windows\system32\jsproxy.dll

2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript9.dll

2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript.dll

2012-06-14 14:38:10 ----A---- C:\windows\SYSWOW64\mshtml.dll

2012-06-14 14:38:09 ----A---- C:\windows\system32\mshtml.dll

2012-06-14 14:38:08 ----A---- C:\windows\system32\ieframe.dll

2012-06-14 14:38:06 ----A---- C:\windows\SYSWOW64\ieframe.dll

2012-06-14 06:34:44 ----A---- C:\windows\system32\rdrmemptylst.exe

2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpwsx.dll

2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpcorekmts.dll

2012-06-14 06:34:32 ----A---- C:\windows\system32\profsvc.dll

2012-06-14 06:34:26 ----A---- C:\windows\system32\win32k.sys

2012-06-14 06:34:20 ----A---- C:\windows\system32\drivers\rdpwd.sys

2012-06-14 06:34:19 ----A---- C:\windows\SYSWOW64\msi.dll

2012-06-14 06:34:19 ----A---- C:\windows\system32\msi.dll

2012-06-14 06:34:07 ----A---- C:\windows\system32\crypt32.dll

2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptsvc.dll

2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptnet.dll

2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\crypt32.dll

2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptsvc.dll

2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptnet.dll

======List of files/folders modified in the last 1 month======

2012-06-25 07:52:37 ----D---- C:\windows\Temp

2012-06-25 07:52:22 ----RD---- C:\Program Files

2012-06-25 07:41:46 ----AD---- C:\windows\System32

2012-06-25 07:41:45 ----D---- C:\windows\inf

2012-06-25 07:41:45 ----A---- C:\windows\system32\PerfStringBackup.INI

2012-06-25 07:39:29 ----D---- C:\windows\system32\config

2012-06-25 07:38:47 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Skype

2012-06-25 07:38:17 ----A---- C:\windows\SYSWOW64\log.txt

2012-06-25 07:37:32 ----SHD---- C:\System Volume Information

2012-06-25 07:36:29 ----AD---- C:\Windows

2012-06-25 05:30:17 ----D---- C:\windows\Panther

2012-06-25 05:30:16 ----D---- C:\windows\Minidump

2012-06-25 05:30:16 ----D---- C:\windows\Logs

2012-06-25 05:30:16 ----D---- C:\windows\debug

2012-06-24 19:21:24 ----RD---- C:\Program Files (x86)

2012-06-24 16:32:42 ----HD---- C:\ProgramData

2012-06-24 16:32:41 ----D---- C:\windows\system32\drivers

2012-06-24 16:19:19 ----SHD---- C:\windows\Installer

2012-06-24 16:19:18 ----D---- C:\Program Files (x86)\Microsoft

2012-06-24 16:18:55 ----SD---- C:\ProgramData\Microsoft

2012-06-24 16:17:25 ----D---- C:\windows\SoftwareDistribution

2012-06-24 16:15:51 ----D---- C:\windows\SysWOW64

2012-06-24 16:15:51 ----D---- C:\windows\Downloaded Program Files

2012-06-24 15:48:01 ----D---- C:\windows\winsxs

2012-06-24 15:46:37 ----D---- C:\windows\system32\catroot

2012-06-24 15:30:30 ----D---- C:\windows\Microsoft.NET

2012-06-24 15:30:29 ----RSD---- C:\windows\assembly

2012-06-24 15:13:41 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe

2012-06-23 06:43:49 ----D---- C:\windows\system32\Tasks

2012-06-22 14:56:16 ----D---- C:\windows\system32\en-US

2012-06-22 06:01:01 ----D---- C:\windows\system32\catroot2

2012-06-14 14:46:51 ----D---- C:\windows\SYSWOW64\en-US

2012-06-14 14:46:50 ----D---- C:\windows\SYSWOW64\migration

2012-06-14 14:46:50 ----D---- C:\Program Files (x86)\Internet Explorer

2012-06-14 14:46:49 ----D---- C:\windows\system32\migration

2012-06-14 14:46:49 ----D---- C:\Program Files\Internet Explorer

2012-06-14 06:43:38 ----A---- C:\windows\system32\MRT.INI

2012-06-14 06:39:53 ----A---- C:\windows\system32\MRT.exe

2012-06-08 05:53:23 ----D---- C:\ProgramData\Skype

2012-06-04 05:48:38 ----D---- C:\windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320]

R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]

R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-18 1161376]

R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-31 484512]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-18 509088]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-29 37496]

R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-12-17 2675712]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-07-07 1576576]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-04-04 12262624]

R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\ENG64.SYS [2012-06-24 120440]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\EX64.SYS [2012-06-24 2068600]

R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]

R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-29 737912]

R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]

R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736]

R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RTSUVSTOR.sys [2011-07-08 307304]

S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []

S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384]

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656]

R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608]

R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]

R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-24 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-06-25 07:52:41

======Uninstall list======

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe"

-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16

-->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16

-->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio

-->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16

-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801

-->C:\Program Files\TOSHIBA\TVAP\setup.exe

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}

Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932}

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly

Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409

Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe"

Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R

CarMD-->MsiExec.exe /I{251C65C0-15FF-4603-98BB-E4A61C7DA424}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe"

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.inf

Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

DriverTuner 3.0.1.0-->"C:\Program Files\DriverTuner\unins000.exe"

Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}

FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe"

Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe"

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall

HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe

HP Photosmart Plus B210 series Basic Device Software-->MsiExec.exe /I{F4330A8B-3610-4483-975E-69789B70A764}

HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}

HP Photosmart Plus B210 series Product Improvement Study-->MsiExec.exe /I{7C1C9924-3755-483C-87B1-8371B7454B1A}

HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}

Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}

Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARP

OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}

Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe"

Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"

PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}

Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe"

QuickTime-->C:\windows\unvise32qt.exe C:\windows\system32\QuickTime\Uninstall.log

Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly

Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tom Clancy's Splinter Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe"

Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}

TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly

TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly

Toshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}

TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D}

TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}

TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}

TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}

TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033

TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38}

Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /X

TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}

TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly

Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}

TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}

TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly

TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly

TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C}

TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly

TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033

TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe

TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}

TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591}

TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"

WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe"

WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe"

======System event log======

Computer Name: StevePetruso-PC

Event Code: 10002

Message: WLAN Extensibility Module has stopped.

Module Path: C:\windows\system32\athihvs.dll

Record Number: 91597

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120310183531.403135-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: StevePetruso-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 91417

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120310174423.044669-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: StevePetruso-PC

Event Code: 10002

Message: WLAN Extensibility Module has stopped.

Module Path: C:\windows\system32\athihvs.dll

Record Number: 91416

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120310174423.042669-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: StevePetruso-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 91238

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120310164516.796027-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: StevePetruso-PC

Event Code: 10002

Message: WLAN Extensibility Module has stopped.

Module Path: C:\windows\system32\athihvs.dll

Record Number: 91237

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120310164516.786027-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: StevePetruso-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1323

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111105124526.884006-000

Event Type: Error

User:

Computer Name: StevePetruso-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1322

Source Name: Microsoft-Windows-CAPI2

Time Written: 20111105124526.868406-000

Event Type: Error

User:

Computer Name: StevePetruso-PC

Event Code: 11

Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 448) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 1318

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20111105124522.250798-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: StevePetruso-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 1305

Source Name: Microsoft-Windows-Search

Time Written: 20111105124435.000000-000

Event Type: Warning

User:

Computer Name: StevePetruso-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 1300

Source Name: Microsoft-Windows-WMI

Time Written: 20111105114043.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: StevePetruso-PC

Event Code: 4608

Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.

Record Number: 3478

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111126150204.059620-000

Event Type: Audit Success

User:

Computer Name: StevePetruso-PC

Event Code: 1100

Message: The event logging service has shut down.

Record Number: 3477

Source Name: Microsoft-Windows-Eventlog

Time Written: 20111126005701.128832-000

Event Type: Audit Success

User:

Computer Name: StevePetruso-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 3476

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111126005659.693629-000

Event Type: Audit Success

User:

Computer Name: StevePetruso-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: STEVEPETRUSO-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x244

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 3475

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111126005659.693629-000

Event Type: Audit Success

User:

Computer Name: StevePetruso-PC

Event Code: 4647

Message: User initiated logoff:

Subject:

Security ID: S-1-5-21-2726610858-437048973-2726063162-1000

Account Name: Steve Petruso

Account Domain: StevePetruso-PC

Logon ID: 0x43ed5

This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.

Record Number: 3474

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111126005659.366029-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

-----------------EOF-----------------

I work second shift so I won't respond right away until tomorrow morning but I would appreciate the help Ive tried eveything I could think of to get it off.

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Here is the Rogue killer log.

RogueKiller V7.6.1 [06/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Steve Petruso [Admin rights]

Mode: Scan -- Date: 06/28/2012 09:32:17

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] Norton PC Checkup Setup.job @ : C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller\SymcPCCUInstaller.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++

--- User ---

[MBR] e53f066e582225cab607d72a71b8bbc9

[bSP] a8936ce11f18d4f178bb4c27e2c2e297 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 172862e594acae003ef4e7a109dd00b0

[bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 172862e594acae003ef4e7a109dd00b0

[bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo

+++++ PhysicalDrive1: OPTI3 Flash Disk USB Device +++++

--- User ---

[MBR] 984127579d7e23a360be5c90cafe2965

[bSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 124 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Please run RogueKiller again and click Scan > when it completes it should automatically kill this one:

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Now........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

Here is the TDSS Killer log

07:49:28.0659 4788 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

07:49:29.0283 4788 ============================================================

07:49:29.0283 4788 Current date / time: 2012/06/29 07:49:29.0283

07:49:29.0283 4788 SystemInfo:

07:49:29.0283 4788

07:49:29.0283 4788 OS Version: 6.1.7601 ServicePack: 1.0

07:49:29.0283 4788 Product type: Workstation

07:49:29.0283 4788 ComputerName: STEVEPETRUSO-PC

07:49:29.0283 4788 UserName: Steve Petruso

07:49:29.0283 4788 Windows directory: C:\windows

07:49:29.0283 4788 System windows directory: C:\windows

07:49:29.0283 4788 Running under WOW64

07:49:29.0283 4788 Processor architecture: Intel x64

07:49:29.0283 4788 Number of processors: 4

07:49:29.0283 4788 Page size: 0x1000

07:49:29.0283 4788 Boot type: Normal boot

07:49:29.0283 4788 ============================================================

07:49:29.0605 4788 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:49:29.0615 4788 Drive \Device\Harddisk1\DR2 - Size: 0x7C80000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

07:49:29.0615 4788 ============================================================

07:49:29.0615 4788 \Device\Harddisk0\DR0:

07:49:29.0615 4788 MBR partitions:

07:49:29.0615 4788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x4885C000

07:49:29.0615 4788 \Device\Harddisk1\DR2:

07:49:29.0615 4788 MBR partitions:

07:49:29.0615 4788 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x3E3E0

07:49:29.0615 4788 ============================================================

07:49:29.0645 4788 C: <-> \Device\Harddisk0\DR0\Partition0

07:49:29.0645 4788 ============================================================

07:49:29.0645 4788 Initialize success

07:49:29.0645 4788 ============================================================

07:50:28.0390 4220 ============================================================

07:50:28.0390 4220 Scan started

07:50:28.0390 4220 Mode: Manual; SigCheck; TDLFS;

07:50:28.0390 4220 ============================================================

07:50:32.0322 4220 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

07:50:32.0782 4220 1394ohci - ok

07:50:32.0912 4220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

07:50:32.0962 4220 ACPI - ok

07:50:33.0012 4220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

07:50:33.0152 4220 AcpiPmi - ok

07:50:33.0362 4220 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

07:50:33.0434 4220 AdobeARMservice - ok

07:50:33.0764 4220 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

07:50:33.0864 4220 AdobeFlashPlayerUpdateSvc - ok

07:50:34.0014 4220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

07:50:34.0054 4220 adp94xx - ok

07:50:34.0154 4220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

07:50:34.0184 4220 adpahci - ok

07:50:34.0254 4220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

07:50:34.0284 4220 adpu320 - ok

07:50:34.0314 4220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

07:50:34.0644 4220 AeLookupSvc - ok

07:50:34.0724 4220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

07:50:34.0904 4220 AFD - ok

07:50:34.0974 4220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

07:50:35.0004 4220 agp440 - ok

07:50:35.0044 4220 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

07:50:35.0124 4220 ALG - ok

07:50:35.0194 4220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

07:50:35.0214 4220 aliide - ok

07:50:35.0264 4220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

07:50:35.0294 4220 amdide - ok

07:50:35.0364 4220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

07:50:35.0414 4220 AmdK8 - ok

07:50:35.0434 4220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

07:50:35.0464 4220 AmdPPM - ok

07:50:35.0524 4220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

07:50:35.0554 4220 amdsata - ok

07:50:35.0584 4220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

07:50:35.0620 4220 amdsbs - ok

07:50:35.0656 4220 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

07:50:35.0686 4220 amdxata - ok

07:50:35.0746 4220 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

07:50:36.0176 4220 AppID - ok

07:50:36.0216 4220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

07:50:36.0306 4220 AppIDSvc - ok

07:50:36.0376 4220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

07:50:36.0486 4220 Appinfo - ok

07:50:36.0556 4220 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

07:50:36.0576 4220 arc - ok

07:50:36.0626 4220 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

07:50:36.0646 4220 arcsas - ok

07:50:36.0716 4220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

07:50:36.0816 4220 AsyncMac - ok

07:50:36.0856 4220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

07:50:36.0876 4220 atapi - ok

07:50:37.0456 4220 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys

07:50:37.0546 4220 athr - ok

07:50:37.0766 4220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

07:50:37.0846 4220 AudioEndpointBuilder - ok

07:50:37.0856 4220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

07:50:37.0958 4220 AudioSrv - ok

07:50:38.0010 4220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

07:50:38.0130 4220 AxInstSV - ok

07:50:38.0340 4220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

07:50:38.0410 4220 b06bdrv - ok

07:50:38.0480 4220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

07:50:38.0550 4220 b57nd60a - ok

07:50:38.0610 4220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

07:50:38.0670 4220 BDESVC - ok

07:50:38.0710 4220 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

07:50:38.0790 4220 Beep - ok

07:50:39.0040 4220 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

07:50:39.0150 4220 BFE - ok

07:50:39.0560 4220 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys

07:50:39.0640 4220 BHDrvx64 - ok

07:50:39.0810 4220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

07:50:39.0920 4220 BITS - ok

07:50:39.0970 4220 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

07:50:40.0030 4220 blbdrive - ok

07:50:40.0070 4220 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

07:50:40.0140 4220 bowser - ok

07:50:40.0180 4220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

07:50:40.0230 4220 BrFiltLo - ok

07:50:40.0260 4220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

07:50:40.0290 4220 BrFiltUp - ok

07:50:40.0350 4220 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

07:50:40.0450 4220 Browser - ok

07:50:40.0510 4220 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

07:50:40.0570 4220 Brserid - ok

07:50:40.0590 4220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

07:50:40.0620 4220 BrSerWdm - ok

07:50:40.0780 4220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

07:50:40.0810 4220 BrUsbMdm - ok

07:50:40.0880 4220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

07:50:40.0910 4220 BrUsbSer - ok

07:50:41.0030 4220 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys

07:50:41.0050 4220 BtFilter - ok

07:50:41.0100 4220 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

07:50:41.0180 4220 BTHMODEM - ok

07:50:41.0230 4220 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

07:50:41.0330 4220 bthserv - ok

07:50:41.0440 4220 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys

07:50:41.0470 4220 ccSet_NIS - ok

07:50:41.0530 4220 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

07:50:41.0610 4220 cdfs - ok

07:50:41.0680 4220 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

07:50:41.0740 4220 cdrom - ok

07:50:41.0810 4220 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

07:50:41.0900 4220 CertPropSvc - ok

07:50:41.0980 4220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

07:50:42.0020 4220 circlass - ok

07:50:42.0070 4220 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

07:50:42.0110 4220 CLFS - ok

07:50:42.0200 4220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:50:42.0250 4220 clr_optimization_v2.0.50727_32 - ok

07:50:42.0320 4220 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

07:50:42.0350 4220 clr_optimization_v2.0.50727_64 - ok

07:50:42.0550 4220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:50:42.0590 4220 clr_optimization_v4.0.30319_32 - ok

07:50:42.0700 4220 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

07:50:42.0720 4220 clr_optimization_v4.0.30319_64 - ok

07:50:42.0790 4220 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

07:50:42.0880 4220 CmBatt - ok

07:50:42.0910 4220 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

07:50:42.0940 4220 cmdide - ok

07:50:43.0030 4220 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

07:50:43.0160 4220 CNG - ok

07:50:43.0390 4220 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys

07:50:43.0440 4220 CnxtHdAudService - ok

07:50:43.0740 4220 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

07:50:43.0760 4220 Compbatt - ok

07:50:43.0800 4220 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

07:50:43.0830 4220 CompositeBus - ok

07:50:43.0850 4220 COMSysApp - ok

07:50:43.0910 4220 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

07:50:43.0930 4220 crcdisk - ok

07:50:44.0070 4220 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

07:50:44.0140 4220 CryptSvc - ok

07:50:44.0250 4220 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

07:50:44.0430 4220 DcomLaunch - ok

07:50:44.0490 4220 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

07:50:44.0550 4220 defragsvc - ok

07:50:44.0710 4220 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

07:50:44.0780 4220 DfsC - ok

07:50:44.0940 4220 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

07:50:45.0020 4220 Dhcp - ok

07:50:45.0080 4220 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

07:50:45.0140 4220 discache - ok

07:50:45.0300 4220 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

07:50:45.0320 4220 Disk - ok

07:50:45.0430 4220 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

07:50:45.0520 4220 Dnscache - ok

07:50:45.0560 4220 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

07:50:45.0650 4220 dot3svc - ok

07:50:45.0810 4220 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

07:50:45.0870 4220 DPS - ok

07:50:45.0980 4220 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

07:50:46.0030 4220 drmkaud - ok

07:50:46.0210 4220 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

07:50:46.0260 4220 DXGKrnl - ok

07:50:46.0440 4220 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

07:50:46.0520 4220 EapHost - ok

07:50:47.0580 4220 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

07:50:47.0700 4220 ebdrv - ok

07:50:47.0910 4220 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

07:50:47.0960 4220 eeCtrl - ok

07:50:48.0110 4220 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

07:50:48.0180 4220 EFS - ok

07:50:48.0350 4220 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

07:50:48.0550 4220 ehRecvr - ok

07:50:48.0600 4220 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

07:50:48.0660 4220 ehSched - ok

07:50:48.0850 4220 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

07:50:48.0890 4220 elxstor - ok

07:50:49.0182 4220 EraserUtilDrv11210 (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys

07:50:49.0229 4220 EraserUtilDrv11210 - ok

07:50:49.0284 4220 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

07:50:49.0319 4220 EraserUtilRebootDrv - ok

07:50:49.0333 4220 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

07:50:49.0396 4220 ErrDev - ok

07:50:49.0506 4220 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

07:50:49.0616 4220 EventSystem - ok

07:50:49.0662 4220 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

07:50:49.0726 4220 exfat - ok

07:50:49.0858 4220 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

07:50:49.0958 4220 fastfat - ok

07:50:50.0048 4220 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

07:50:50.0178 4220 Fax - ok

07:50:50.0218 4220 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

07:50:50.0238 4220 fdc - ok

07:50:50.0278 4220 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

07:50:50.0348 4220 fdPHost - ok

07:50:50.0398 4220 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

07:50:50.0498 4220 FDResPub - ok

07:50:50.0528 4220 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

07:50:50.0568 4220 FileInfo - ok

07:50:50.0598 4220 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

07:50:50.0668 4220 Filetrace - ok

07:50:50.0728 4220 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

07:50:50.0798 4220 flpydisk - ok

07:50:50.0858 4220 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

07:50:50.0918 4220 FltMgr - ok

07:50:51.0048 4220 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

07:50:51.0168 4220 FontCache - ok

07:50:51.0310 4220 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

07:50:51.0349 4220 FontCache3.0.0.0 - ok

07:50:51.0392 4220 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

07:50:51.0422 4220 FsDepends - ok

07:50:51.0452 4220 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

07:50:51.0472 4220 Fs_Rec - ok

07:50:51.0562 4220 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

07:50:51.0602 4220 fvevol - ok

07:50:51.0652 4220 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

07:50:51.0682 4220 gagp30kx - ok

07:50:51.0802 4220 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

07:50:51.0925 4220 GamesAppService - ok

07:50:52.0006 4220 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

07:50:52.0106 4220 gpsvc - ok

07:50:52.0228 4220 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:50:52.0298 4220 gupdate - ok

07:50:52.0308 4220 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:50:52.0378 4220 gupdatem - ok

07:50:52.0418 4220 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

07:50:52.0488 4220 gusvc - ok

07:50:52.0590 4220 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

07:50:52.0670 4220 hcw85cir - ok

07:50:52.0760 4220 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

07:50:52.0814 4220 HdAudAddService - ok

07:50:52.0872 4220 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

07:50:52.0930 4220 HDAudBus - ok

07:50:52.0944 4220 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

07:50:52.0964 4220 HidBatt - ok

07:50:53.0004 4220 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

07:50:53.0064 4220 HidBth - ok

07:50:53.0094 4220 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

07:50:53.0134 4220 HidIr - ok

07:50:53.0164 4220 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

07:50:53.0224 4220 hidserv - ok

07:50:53.0384 4220 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

07:50:53.0404 4220 HidUsb - ok

07:50:53.0434 4220 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

07:50:53.0524 4220 hkmsvc - ok

07:50:53.0584 4220 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

07:50:53.0666 4220 HomeGroupListener - ok

07:50:53.0726 4220 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

07:50:53.0836 4220 HomeGroupProvider - ok

07:50:53.0858 4220 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

07:50:53.0888 4220 HpSAMD - ok

07:50:54.0050 4220 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

07:50:54.0174 4220 HTTP - ok

07:50:54.0204 4220 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

07:50:54.0234 4220 hwpolicy - ok

07:50:54.0262 4220 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

07:50:54.0296 4220 i8042prt - ok

07:50:54.0463 4220 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

07:50:54.0544 4220 iaStor - ok

07:50:54.0640 4220 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

07:50:54.0710 4220 iaStorV - ok

07:50:54.0872 4220 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

07:50:54.0978 4220 IDriverT ( UnsignedFile.Multi.Generic ) - warning

07:50:54.0978 4220 IDriverT - detected UnsignedFile.Multi.Generic (1)

07:50:55.0138 4220 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

07:50:55.0208 4220 idsvc - ok

07:50:55.0508 4220 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120628.001\IDSvia64.sys

07:50:55.0588 4220 IDSVia64 - ok

07:50:57.0566 4220 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys

07:50:58.0102 4220 igfx - ok

07:50:58.0384 4220 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

07:50:58.0414 4220 iirsp - ok

07:50:58.0494 4220 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

07:50:58.0647 4220 IKEEXT - ok

07:50:58.0716 4220 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

07:50:58.0848 4220 IntcDAud - ok

07:50:58.0908 4220 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

07:50:58.0938 4220 intelide - ok

07:50:59.0029 4220 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

07:50:59.0090 4220 intelppm - ok

07:50:59.0129 4220 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

07:50:59.0212 4220 IPBusEnum - ok

07:50:59.0264 4220 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

07:50:59.0345 4220 IpFilterDriver - ok

07:50:59.0637 4220 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

07:50:59.0918 4220 iphlpsvc - ok

07:50:59.0948 4220 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

07:51:00.0060 4220 IPMIDRV - ok

07:51:00.0086 4220 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

07:51:00.0198 4220 IPNAT - ok

07:51:00.0258 4220 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

07:51:00.0301 4220 IRENUM - ok

07:51:00.0330 4220 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

07:51:00.0377 4220 isapnp - ok

07:51:00.0421 4220 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

07:51:00.0465 4220 iScsiPrt - ok

07:51:00.0484 4220 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

07:51:00.0524 4220 kbdclass - ok

07:51:00.0564 4220 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

07:51:00.0614 4220 kbdhid - ok

07:51:00.0664 4220 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:51:00.0768 4220 KeyIso - ok

07:51:00.0786 4220 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

07:51:00.0826 4220 KSecDD - ok

07:51:00.0851 4220 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

07:51:00.0888 4220 KSecPkg - ok

07:51:00.0938 4220 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

07:51:01.0082 4220 ksthunk - ok

07:51:01.0140 4220 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

07:51:01.0230 4220 KtmRm - ok

07:51:01.0322 4220 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys

07:51:01.0358 4220 L1C - ok

07:51:01.0426 4220 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

07:51:01.0573 4220 LanmanServer - ok

07:51:01.0649 4220 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

07:51:01.0793 4220 LanmanWorkstation - ok

07:51:01.0824 4220 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

07:51:01.0938 4220 lltdio - ok

07:51:01.0983 4220 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

07:51:02.0136 4220 lltdsvc - ok

07:51:02.0159 4220 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

07:51:02.0238 4220 lmhosts - ok

07:51:02.0412 4220 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

07:51:02.0573 4220 LMS - ok

07:51:02.0617 4220 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

07:51:02.0645 4220 LSI_FC - ok

07:51:02.0692 4220 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

07:51:02.0714 4220 LSI_SAS - ok

07:51:02.0734 4220 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

07:51:02.0776 4220 LSI_SAS2 - ok

07:51:02.0836 4220 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

07:51:02.0871 4220 LSI_SCSI - ok

07:51:02.0908 4220 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

07:51:03.0010 4220 luafv - ok

07:51:03.0050 4220 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

07:51:03.0113 4220 Mcx2Svc - ok

07:51:03.0142 4220 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

07:51:03.0173 4220 megasas - ok

07:51:03.0203 4220 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

07:51:03.0252 4220 MegaSR - ok

07:51:03.0284 4220 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

07:51:03.0336 4220 MEIx64 - ok

07:51:03.0386 4220 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

07:51:03.0476 4220 MMCSS - ok

07:51:03.0516 4220 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

07:51:03.0596 4220 Modem - ok

07:51:03.0622 4220 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

07:51:03.0668 4220 monitor - ok

07:51:03.0723 4220 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

07:51:03.0756 4220 mouclass - ok

07:51:03.0810 4220 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

07:51:03.0862 4220 mouhid - ok

07:51:03.0922 4220 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

07:51:03.0962 4220 mountmgr - ok

07:51:04.0032 4220 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys

07:51:04.0112 4220 MpFilter - ok

07:51:04.0142 4220 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

07:51:04.0172 4220 mpio - ok

07:51:04.0432 4220 MpKslbc85e27d (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B0D5081-52FF-4F17-A8A8-B7729E50DF5C}\MpKslbc85e27d.sys

07:51:04.0472 4220 MpKslbc85e27d - ok

07:51:04.0506 4220 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

07:51:04.0586 4220 mpsdrv - ok

07:51:04.0696 4220 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

07:51:04.0828 4220 MpsSvc - ok

07:51:04.0858 4220 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

07:51:04.0918 4220 MRxDAV - ok

07:51:04.0938 4220 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

07:51:05.0077 4220 mrxsmb - ok

07:51:05.0119 4220 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

07:51:05.0180 4220 mrxsmb10 - ok

07:51:05.0281 4220 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

07:51:05.0344 4220 mrxsmb20 - ok

07:51:05.0384 4220 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

07:51:05.0414 4220 msahci - ok

07:51:05.0434 4220 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

07:51:05.0474 4220 msdsm - ok

07:51:05.0546 4220 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

07:51:05.0626 4220 MSDTC - ok

07:51:05.0688 4220 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

07:51:05.0768 4220 Msfs - ok

07:51:05.0778 4220 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

07:51:05.0850 4220 mshidkmdf - ok

07:51:05.0890 4220 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

07:51:05.0910 4220 msisadrv - ok

07:51:05.0980 4220 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

07:51:06.0072 4220 MSiSCSI - ok

07:51:06.0072 4220 msiserver - ok

07:51:06.0122 4220 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

07:51:06.0220 4220 MSKSSRV - ok

07:51:06.0366 4220 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

07:51:06.0406 4220 MsMpSvc - ok

07:51:06.0436 4220 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

07:51:06.0538 4220 MSPCLOCK - ok

07:51:06.0578 4220 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

07:51:06.0668 4220 MSPQM - ok

07:51:06.0705 4220 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

07:51:06.0775 4220 MsRPC - ok

07:51:06.0930 4220 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

07:51:06.0987 4220 mssmbios - ok

07:51:07.0012 4220 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

07:51:07.0095 4220 MSTEE - ok

07:51:07.0124 4220 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

07:51:07.0154 4220 MTConfig - ok

07:51:07.0174 4220 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

07:51:07.0214 4220 Mup - ok

07:51:07.0276 4220 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

07:51:07.0375 4220 napagent - ok

07:51:07.0458 4220 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

07:51:07.0538 4220 NativeWifiP - ok

07:51:07.0808 4220 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.024\ENG64.SYS

07:51:07.0874 4220 NAVENG - ok

07:51:08.0070 4220 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.024\EX64.SYS

07:51:08.0184 4220 NAVEX15 - ok

07:51:08.0406 4220 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

07:51:08.0476 4220 NDIS - ok

07:51:08.0526 4220 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

07:51:08.0618 4220 NdisCap - ok

07:51:08.0638 4220 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

07:51:08.0720 4220 NdisTapi - ok

07:51:08.0782 4220 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

07:51:08.0882 4220 Ndisuio - ok

07:51:08.0934 4220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

07:51:09.0016 4220 NdisWan - ok

07:51:09.0046 4220 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

07:51:09.0138 4220 NDProxy - ok

07:51:09.0178 4220 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

07:51:09.0308 4220 NetBIOS - ok

07:51:09.0376 4220 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

07:51:09.0485 4220 NetBT - ok

07:51:09.0514 4220 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:51:09.0558 4220 Netlogon - ok

07:51:09.0630 4220 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

07:51:09.0764 4220 Netman - ok

07:51:09.0842 4220 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

07:51:09.0957 4220 netprofm - ok

07:51:10.0058 4220 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:51:10.0098 4220 NetTcpPortSharing - ok

07:51:10.0139 4220 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

07:51:10.0167 4220 nfrd960 - ok

07:51:10.0290 4220 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

07:51:10.0436 4220 NIS - ok

07:51:10.0492 4220 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys

07:51:10.0522 4220 NisDrv - ok

07:51:10.0642 4220 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

07:51:10.0710 4220 NisSrv - ok

07:51:10.0764 4220 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

07:51:10.0876 4220 NlaSvc - ok

07:51:10.0919 4220 Norton PC Checkup Application Launcher - ok

07:51:10.0965 4220 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

07:51:11.0028 4220 Npfs - ok

07:51:11.0073 4220 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

07:51:11.0188 4220 nsi - ok

07:51:11.0242 4220 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

07:51:11.0352 4220 nsiproxy - ok

07:51:11.0543 4220 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

07:51:11.0680 4220 Ntfs - ok

07:51:11.0898 4220 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

07:51:12.0030 4220 Null - ok

07:51:12.0062 4220 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

07:51:12.0106 4220 nvraid - ok

07:51:12.0144 4220 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

07:51:12.0174 4220 nvstor - ok

07:51:12.0217 4220 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

07:51:12.0267 4220 nv_agp - ok

07:51:12.0315 4220 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

07:51:12.0367 4220 ohci1394 - ok

07:51:12.0416 4220 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

07:51:12.0488 4220 p2pimsvc - ok

07:51:12.0548 4220 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

07:51:12.0631 4220 p2psvc - ok

07:51:12.0708 4220 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

07:51:12.0768 4220 Parport - ok

07:51:12.0809 4220 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

07:51:12.0854 4220 partmgr - ok

07:51:12.0898 4220 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

07:51:12.0982 4220 PcaSvc - ok

07:51:13.0082 4220 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

07:51:13.0198 4220 PCCUJobMgr - ok

07:51:13.0244 4220 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

07:51:13.0284 4220 pci - ok

07:51:13.0284 4220 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

07:51:13.0314 4220 pciide - ok

07:51:13.0356 4220 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

07:51:13.0396 4220 pcmcia - ok

07:51:13.0426 4220 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

07:51:13.0448 4220 pcw - ok

07:51:13.0518 4220 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

07:51:13.0638 4220 PEAUTH - ok

07:51:13.0720 4220 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

07:51:13.0760 4220 PerfHost - ok

07:51:13.0833 4220 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

07:51:13.0899 4220 PGEffect - ok

07:51:14.0092 4220 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

07:51:14.0259 4220 pla - ok

07:51:14.0314 4220 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

07:51:14.0416 4220 PlugPlay - ok

07:51:14.0446 4220 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

07:51:14.0506 4220 PNRPAutoReg - ok

07:51:14.0557 4220 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

07:51:14.0618 4220 PNRPsvc - ok

07:51:14.0700 4220 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

07:51:14.0892 4220 PolicyAgent - ok

07:51:15.0114 4220 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

07:51:15.0236 4220 Power - ok

07:51:15.0348 4220 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

07:51:15.0470 4220 PptpMiniport - ok

07:51:15.0520 4220 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

07:51:15.0560 4220 Processor - ok

07:51:15.0640 4220 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

07:51:15.0722 4220 ProfSvc - ok

07:51:15.0742 4220 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:51:15.0784 4220 ProtectedStorage - ok

07:51:15.0854 4220 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

07:51:15.0934 4220 Psched - ok

07:51:15.0994 4220 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

07:51:16.0064 4220 QIOMem - ok

07:51:16.0184 4220 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

07:51:16.0274 4220 ql2300 - ok

07:51:16.0444 4220 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

07:51:16.0464 4220 ql40xx - ok

07:51:16.0524 4220 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

07:51:16.0584 4220 QWAVE - ok

07:51:16.0594 4220 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

07:51:16.0654 4220 QWAVEdrv - ok

07:51:16.0694 4220 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

07:51:16.0754 4220 RasAcd - ok

07:51:16.0824 4220 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

07:51:16.0894 4220 RasAgileVpn - ok

07:51:16.0964 4220 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

07:51:17.0064 4220 RasAuto - ok

07:51:17.0194 4220 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

07:51:17.0284 4220 Rasl2tp - ok

07:51:17.0364 4220 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

07:51:17.0464 4220 RasMan - ok

07:51:17.0566 4220 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

07:51:17.0668 4220 RasPppoe - ok

07:51:17.0698 4220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

07:51:17.0795 4220 RasSstp - ok

07:51:17.0820 4220 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

07:51:17.0900 4220 rdbss - ok

07:51:17.0920 4220 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

07:51:17.0980 4220 rdpbus - ok

07:51:18.0000 4220 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

07:51:18.0090 4220 RDPCDD - ok

07:51:18.0120 4220 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

07:51:18.0190 4220 RDPENCDD - ok

07:51:18.0220 4220 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

07:51:18.0280 4220 RDPREFMP - ok

07:51:18.0310 4220 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

07:51:18.0370 4220 RDPWD - ok

07:51:18.0422 4220 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

07:51:18.0462 4220 rdyboost - ok

07:51:18.0552 4220 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

07:51:18.0642 4220 RemoteAccess - ok

07:51:18.0722 4220 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

07:51:18.0822 4220 RemoteRegistry - ok

07:51:18.0962 4220 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

07:51:19.0072 4220 RpcEptMapper - ok

07:51:19.0102 4220 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

07:51:19.0142 4220 RpcLocator - ok

07:51:19.0252 4220 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

07:51:19.0322 4220 RpcSs - ok

07:51:19.0382 4220 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

07:51:19.0472 4220 rspndr - ok

07:51:19.0562 4220 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys

07:51:19.0622 4220 RSUSBSTOR - ok

07:51:19.0662 4220 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys

07:51:19.0692 4220 RSUSBVSTOR - ok

07:51:19.0722 4220 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:51:19.0762 4220 SamSs - ok

07:51:19.0802 4220 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

07:51:19.0832 4220 sbp2port - ok

07:51:19.0882 4220 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

07:51:19.0982 4220 SCardSvr - ok

07:51:20.0052 4220 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

07:51:20.0122 4220 scfilter - ok

07:51:20.0204 4220 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

07:51:20.0324 4220 Schedule - ok

07:51:20.0354 4220 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

07:51:20.0434 4220 SCPolicySvc - ok

07:51:20.0474 4220 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

07:51:20.0554 4220 SDRSVC - ok

07:51:20.0624 4220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

07:51:20.0714 4220 secdrv - ok

07:51:20.0734 4220 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

07:51:20.0834 4220 seclogon - ok

07:51:20.0874 4220 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

07:51:20.0974 4220 SENS - ok

07:51:21.0024 4220 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

07:51:21.0104 4220 SensrSvc - ok

07:51:21.0134 4220 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

07:51:21.0174 4220 Serenum - ok

07:51:21.0276 4220 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

07:51:21.0316 4220 Serial - ok

07:51:21.0376 4220 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

07:51:21.0416 4220 sermouse - ok

07:51:21.0456 4220 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

07:51:21.0566 4220 SessionEnv - ok

07:51:21.0586 4220 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

07:51:21.0627 4220 sffdisk - ok

07:51:21.0678 4220 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

07:51:21.0718 4220 sffp_mmc - ok

07:51:21.0738 4220 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

07:51:21.0768 4220 sffp_sd - ok

07:51:21.0788 4220 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

07:51:21.0818 4220 sfloppy - ok

07:51:21.0888 4220 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

07:51:21.0968 4220 SharedAccess - ok

07:51:22.0028 4220 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

07:51:22.0156 4220 ShellHWDetection - ok

07:51:22.0180 4220 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

07:51:22.0213 4220 SiSRaid2 - ok

07:51:22.0250 4220 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

07:51:22.0305 4220 SiSRaid4 - ok

07:51:22.0484 4220 SkypeUpdate (b78408ba56fa554e96128d4934ab7561) C:\Program Files (x86)\Skype\Updater\Updater.exe

07:51:22.0765 4220 SkypeUpdate - ok

07:51:22.0802 4220 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

07:51:22.0882 4220 Smb - ok

07:51:22.0952 4220 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

07:51:22.0992 4220 SNMPTRAP - ok

07:51:23.0052 4220 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

07:51:23.0072 4220 spldr - ok

07:51:23.0172 4220 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

07:51:23.0272 4220 Spooler - ok

07:51:23.0682 4220 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

07:51:23.0922 4220 sppsvc - ok

07:51:24.0062 4220 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

07:51:24.0154 4220 sppuinotify - ok

07:51:24.0344 4220 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

07:51:24.0424 4220 SRTSP - ok

07:51:24.0454 4220 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

07:51:24.0484 4220 SRTSPX - ok

07:51:24.0574 4220 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

07:51:24.0654 4220 srv - ok

07:51:24.0716 4220 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

07:51:24.0756 4220 srv2 - ok

07:51:24.0836 4220 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

07:51:24.0886 4220 SrvHsfHDA - ok

07:51:25.0046 4220 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

07:51:25.0168 4220 SrvHsfV92 - ok

07:51:25.0428 4220 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

07:51:25.0528 4220 SrvHsfWinac - ok

07:51:25.0579 4220 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

07:51:25.0630 4220 srvnet - ok

07:51:25.0720 4220 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

07:51:25.0820 4220 SSDPSRV - ok

07:51:25.0870 4220 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

07:51:25.0950 4220 SstpSvc - ok

07:51:25.0990 4220 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

07:51:26.0010 4220 stexstor - ok

07:51:26.0050 4220 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys

07:51:26.0100 4220 StillCam - ok

07:51:26.0220 4220 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

07:51:26.0300 4220 stisvc - ok

07:51:26.0320 4220 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

07:51:26.0357 4220 swenum - ok

07:51:26.0402 4220 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

07:51:26.0536 4220 swprv - ok

07:51:26.0686 4220 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

07:51:26.0790 4220 SymDS - ok

07:51:27.0188 4220 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

07:51:27.0298 4220 SymEFA - ok

07:51:27.0390 4220 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

07:51:27.0450 4220 SymEvent - ok

07:51:27.0490 4220 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS

07:51:27.0532 4220 SymIRON - ok

07:51:27.0642 4220 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS

07:51:27.0682 4220 SymNetS - ok

07:51:27.0862 4220 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

07:51:27.0996 4220 SynTP - ok

07:51:28.0264 4220 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

07:51:28.0386 4220 SysMain - ok

07:51:28.0578 4220 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

07:51:28.0694 4220 TabletInputService - ok

07:51:28.0730 4220 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

07:51:29.0122 4220 TapiSrv - ok

07:51:29.0384 4220 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

07:51:29.0454 4220 TBS - ok

07:51:29.0784 4220 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

07:51:29.0924 4220 Tcpip - ok

07:51:30.0266 4220 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

07:51:30.0366 4220 TCPIP6 - ok

07:51:30.0506 4220 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

07:51:30.0566 4220 tcpipreg - ok

07:51:30.0606 4220 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

07:51:30.0626 4220 tdcmdpst - ok

07:51:30.0666 4220 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

07:51:30.0696 4220 TDPIPE - ok

07:51:30.0716 4220 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

07:51:30.0756 4220 TDTCP - ok

07:51:30.0836 4220 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

07:51:30.0906 4220 tdx - ok

07:51:30.0966 4220 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

07:51:30.0996 4220 TermDD - ok

07:51:31.0086 4220 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

07:51:31.0203 4220 TermService - ok

07:51:31.0258 4220 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

07:51:31.0320 4220 Themes - ok

07:51:31.0350 4220 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

07:51:31.0420 4220 THREADORDER - ok

07:51:31.0590 4220 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

07:51:31.0630 4220 TMachInfo - ok

07:51:31.0660 4220 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe

07:51:32.0162 4220 TODDSrv - ok

07:51:32.0332 4220 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

07:51:32.0424 4220 TosCoSrv - ok

07:51:32.0496 4220 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

07:51:32.0576 4220 TOSHIBA Bluetooth Service - ok

07:51:32.0636 4220 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe

07:51:32.0736 4220 TOSHIBA eco Utility Service - ok

07:51:33.0036 4220 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

07:51:33.0126 4220 TOSHIBA HDD SSD Alert Service - ok

07:51:33.0266 4220 Tosrfcom - ok

07:51:33.0326 4220 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys

07:51:33.0356 4220 tosrfec - ok

07:51:33.0386 4220 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys

07:51:33.0426 4220 Tosrfusb - ok

07:51:33.0598 4220 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

07:51:33.0658 4220 tos_sps64 - ok

07:51:33.0738 4220 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

07:51:33.0848 4220 TPCHSrv - ok

07:51:33.0988 4220 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

07:51:34.0111 4220 TrkWks - ok

07:51:34.0170 4220 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

07:51:34.0260 4220 TrustedInstaller - ok

07:51:34.0308 4220 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

07:51:34.0382 4220 tssecsrv - ok

07:51:34.0422 4220 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

07:51:34.0472 4220 TsUsbFlt - ok

07:51:34.0492 4220 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

07:51:34.0542 4220 TsUsbGD - ok

07:51:34.0612 4220 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

07:51:34.0682 4220 tunnel - ok

07:51:34.0742 4220 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

07:51:34.0772 4220 TVALZ - ok

07:51:34.0832 4220 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

07:51:34.0862 4220 TVALZFL - ok

07:51:34.0882 4220 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

07:51:34.0912 4220 uagp35 - ok

07:51:35.0292 4220 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

07:51:35.0372 4220 udfs - ok

07:51:35.0412 4220 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

07:51:35.0452 4220 UI0Detect - ok

07:51:35.0472 4220 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

07:51:35.0502 4220 uliagpkx - ok

07:51:35.0562 4220 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

07:51:35.0612 4220 umbus - ok

07:51:35.0632 4220 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

07:51:35.0672 4220 UmPass - ok

07:51:36.0236 4220 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

07:51:36.0616 4220 UNS - ok

07:51:36.0786 4220 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

07:51:36.0876 4220 upnphost - ok

07:51:36.0936 4220 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

07:51:36.0986 4220 usbccgp - ok

07:51:37.0036 4220 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

07:51:37.0076 4220 usbcir - ok

07:51:37.0116 4220 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

07:51:37.0166 4220 usbehci - ok

07:51:37.0216 4220 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

07:51:37.0296 4220 usbhub - ok

07:51:37.0332 4220 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

07:51:37.0398 4220 usbohci - ok

07:51:37.0448 4220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

07:51:37.0571 4220 usbprint - ok

07:51:37.0662 4220 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

07:51:37.0702 4220 usbscan - ok

07:51:37.0739 4220 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

07:51:37.0814 4220 USBSTOR - ok

07:51:37.0844 4220 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

07:51:37.0894 4220 usbuhci - ok

07:51:37.0996 4220 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

07:51:38.0048 4220 usbvideo - ok

07:51:38.0098 4220 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

07:51:38.0208 4220 UxSms - ok

07:51:38.0260 4220 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:51:38.0300 4220 VaultSvc - ok

07:51:38.0330 4220 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

07:51:38.0365 4220 vdrvroot - ok

07:51:38.0452 4220 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

07:51:38.0562 4220 vds - ok

07:51:38.0642 4220 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

07:51:38.0692 4220 vga - ok

07:51:38.0722 4220 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

07:51:38.0782 4220 VgaSave - ok

07:51:38.0844 4220 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

07:51:38.0884 4220 vhdmp - ok

07:51:38.0904 4220 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

07:51:38.0934 4220 viaide - ok

07:51:38.0994 4220 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

07:51:39.0044 4220 volmgr - ok

07:51:39.0134 4220 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

07:51:39.0174 4220 volmgrx - ok

07:51:39.0214 4220 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

07:51:39.0254 4220 volsnap - ok

07:51:39.0304 4220 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

07:51:39.0334 4220 vsmraid - ok

07:51:39.0486 4220 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

07:51:39.0690 4220 VSS - ok

07:51:39.0854 4220 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

07:51:39.0884 4220 vwifibus - ok

07:51:39.0966 4220 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

07:51:40.0016 4220 vwififlt - ok

07:51:40.0068 4220 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

07:51:40.0140 4220 vwifimp - ok

07:51:40.0180 4220 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

07:51:40.0290 4220 W32Time - ok

07:51:40.0340 4220 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

07:51:40.0380 4220 WacomPen - ok

07:51:40.0420 4220 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:51:40.0528 4220 WANARP - ok

07:51:40.0562 4220 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:51:40.0674 4220 Wanarpv6 - ok

07:51:40.0993 4220 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

07:51:41.0502 4220 WatAdminSvc - ok

07:51:41.0624 4220 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

07:51:41.0839 4220 wbengine - ok

07:51:41.0979 4220 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

07:51:42.0058 4220 WbioSrvc - ok

07:51:42.0102 4220 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

07:51:42.0205 4220 wcncsvc - ok

07:51:42.0246 4220 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

07:51:42.0369 4220 WcsPlugInService - ok

07:51:42.0428 4220 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

07:51:42.0465 4220 Wd - ok

07:51:42.0499 4220 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

07:51:42.0551 4220 Wdf01000 - ok

07:51:42.0578 4220 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

07:51:42.0822 4220 WdiServiceHost - ok

07:51:42.0827 4220 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

07:51:42.0891 4220 WdiSystemHost - ok

07:51:42.0942 4220 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

07:51:43.0018 4220 WebClient - ok

07:51:43.0078 4220 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

07:51:43.0197 4220 Wecsvc - ok

07:51:43.0254 4220 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

07:51:43.0371 4220 wercplsupport - ok

07:51:43.0409 4220 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

07:51:43.0552 4220 WerSvc - ok

07:51:43.0646 4220 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

07:51:43.0734 4220 WfpLwf - ok

07:51:43.0763 4220 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

07:51:43.0796 4220 WIMMount - ok

07:51:43.0832 4220 WinDefend - ok

07:51:43.0843 4220 WinHttpAutoProxySvc - ok

07:51:43.0922 4220 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

07:51:44.0020 4220 Winmgmt - ok

07:51:44.0172 4220 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

07:51:44.0337 4220 WinRM - ok

07:51:44.0516 4220 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

07:51:44.0576 4220 WinUsb - ok

07:51:44.0646 4220 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

07:51:44.0764 4220 Wlansvc - ok

07:51:45.0061 4220 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

07:51:45.0142 4220 wlcrasvc - ok

07:51:45.0514 4220 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

07:51:45.0827 4220 wlidsvc - ok

07:51:46.0011 4220 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

07:51:46.0061 4220 WmiAcpi - ok

07:51:46.0209 4220 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

07:51:46.0293 4220 wmiApSrv - ok

07:51:46.0373 4220 WMPNetworkSvc - ok

07:51:46.0403 4220 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

07:51:46.0505 4220 WPCSvc - ok

07:51:46.0535 4220 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

07:51:46.0601 4220 WPDBusEnum - ok

07:51:46.0656 4220 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

07:51:46.0749 4220 ws2ifsl - ok

07:51:46.0831 4220 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

07:51:46.0937 4220 wscsvc - ok

07:51:46.0956 4220 WSearch - ok

07:51:47.0632 4220 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

07:51:47.0907 4220 wuauserv - ok

07:51:48.0121 4220 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

07:51:48.0262 4220 WudfPf - ok

07:51:48.0332 4220 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

07:51:48.0402 4220 WUDFRd - ok

07:51:48.0462 4220 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

07:51:48.0532 4220 wudfsvc - ok

07:51:48.0592 4220 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

07:51:48.0652 4220 WwanSvc - ok

07:51:48.0692 4220 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0

07:51:48.0852 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

07:51:48.0852 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

07:51:48.0952 4220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

07:51:48.0952 4220 \Device\Harddisk0\DR0 - detected TDSS File System (1)

07:51:48.0952 4220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR2

07:51:49.0102 4220 \Device\Harddisk1\DR2 - ok

07:51:49.0132 4220 Boot (0x1200) (05311a8a1d22d04f7e35a969646876c4) \Device\Harddisk0\DR0\Partition0

07:51:49.0132 4220 \Device\Harddisk0\DR0\Partition0 - ok

07:51:49.0132 4220 Boot (0x1200) (04b4ded3a84e7a136c9d1550213f7f64) \Device\Harddisk1\DR2\Partition0

07:51:49.0132 4220 \Device\Harddisk1\DR2\Partition0 - ok

07:51:49.0132 4220 ============================================================

07:51:49.0132 4220 Scan finished

07:51:49.0132 4220 ============================================================

07:51:49.0152 5996 Detected object count: 3

07:51:49.0152 5996 Actual detected object count: 3

07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:52:54.0264 5996 \Device\Harddisk0\DR0\# - copied to quarantine

07:52:54.0296 5996 \Device\Harddisk0\DR0 - copied to quarantine

07:52:54.0422 5996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

07:52:54.0468 5996 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

07:52:54.0508 5996 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

07:52:57.0383 5996 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

07:52:57.0474 5996 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

07:52:57.0480 5996 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

07:52:57.0488 5996 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

07:52:58.0183 5996 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

07:52:58.0266 5996 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

07:52:58.0339 5996 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

07:52:58.0454 5996 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine

07:52:59.0169 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

07:52:59.0171 5996 \Device\Harddisk0\DR0 - ok

07:52:59.0339 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

07:53:06.0480 6160 Deinitialize success

Link to post
Share on other sites

Run TDSSKiller again and delete these two:

07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

--------------------------------

Then.........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Here is the Combofix Log.

ComboFix 12-06-28.03 - Steve Petruso 06/29/2012 8:26.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4560 [GMT -4:00]

Running from: c:\users\Steve Petruso\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\HeadlineAlley_29EI

c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll

c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\29EZSETP.dll

c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\NP29EISb.dll

c:\program files (x86)\TelevisionFanaticEI

c:\users\Steve Petruso\AppData\Local\Temp\{08EADE67-90D8-43CB-9AB1-8FFCFB2D5D8D}\fpb.tmp

c:\users\STEVEP~1\AppData\Local\Temp\{08EADE67-90D8-43CB-9AB1-8FFCFB2D5D8D}\fpb.tmp

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))

.

.

2012-06-29 12:33 . 2012-06-29 12:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B0D5081-52FF-4F17-A8A8-B7729E50DF5C}\offreg.dll

2012-06-29 12:32 . 2012-06-29 12:32 -------- d-----w- c:\users\Lisa Petruso\AppData\Local\temp

2012-06-29 11:48 . 2012-06-29 12:07 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-29 11:29 . 2012-06-29 11:29 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF53563A-6A52-4093-B400-DBBCB93BCD1F}\gapaengine.dll

2012-06-29 11:29 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B0D5081-52FF-4F17-A8A8-B7729E50DF5C}\mpengine.dll

2012-06-28 16:24 . 2012-06-28 16:24 -------- d-----w- C:\325e4e255b7acab05e1d64

2012-06-28 15:22 . 2012-06-29 11:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-06-28 15:21 . 2012-06-29 11:29 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-25 11:52 . 2012-06-25 11:52 -------- d-----w- C:\rsit

2012-06-25 11:52 . 2012-06-25 11:52 -------- d-----w- c:\program files\trend micro

2012-06-25 01:48 . 2012-06-25 01:48 -------- d-----w- c:\program files\CCleaner

2012-06-24 23:21 . 2012-06-24 23:21 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-24 20:32 . 2012-06-24 20:32 -------- d-----w- c:\users\Steve Petruso\AppData\Roaming\Malwarebytes

2012-06-24 20:32 . 2012-06-24 20:32 -------- d-----w- c:\programdata\Malwarebytes

2012-06-24 20:32 . 2012-06-24 20:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-24 20:32 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-24 20:30 . 2012-06-25 01:53 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-06-24 20:22 . 2012-06-24 20:22 -------- d-----w- c:\programdata\Conexant

2012-06-24 20:22 . 2012-06-24 20:22 -------- d-----w- c:\users\Steve Petruso\AppData\Local\Conexant

2012-06-24 20:21 . 2011-12-06 23:54 161736 ----a-w- c:\program files (x86)\64res.dll

2012-06-24 19:47 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-24 19:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-23 10:43 . 2012-06-23 10:43 -------- d-----w- c:\users\Steve Petruso\AppData\Roaming\PCCUStubInstaller

2012-06-22 10:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 10:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 10:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 10:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 10:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 10:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 10:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 10:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 10:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 10:34 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-24 19:13 . 2012-04-12 20:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-24 19:13 . 2011-08-01 07:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-24 39408]

"CarMD"="c:\program files (x86)\CarMD\CarMD.exe" [2010-04-07 796672]

"Facebook Update"="c:\users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-28 137536]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17345712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]

R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120628.001\IDSvia64.sys [2012-06-18 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:13]

.

2012-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job

- c:\users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 22:52]

.

2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job

- c:\users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 22:52]

.

2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 06:05]

.

2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 06:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://mail.google.com/mail/?shva=1#inbox

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;localhost

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

SafeBoot-48583638.sys

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-06-29 08:39:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-29 12:39

.

Pre-Run: 573,881,212,928 bytes free

Post-Run: 573,931,208,704 bytes free

.

- - End Of File - - 6F340CEB07906E954FEDE69CCAD703C3

Link to post
Share on other sites

I ran MBAM quick scan and it didn't find anything and the random ad isn't playing as of now. Here is the log from MBAM.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.29.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Steve Petruso :: STEVEPETRUSO-PC [administrator]

6/29/2012 8:52:00 AM

mbam-log-2012-06-29 (08-52-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 253641

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

If this works thanks so much for your help I definitely couldn't have figured all this out without you.

Link to post
Share on other sites

Great thumbsup.gif

A little clean up to do....

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.